Your key is stored, but stored encrypted - and even the encrypted form is not actually saved to disk on our server.
The server could, of course, store the key instead of encrypting it, though, and you only have my and charlie's word on that. If it helps, it'd be quite silly to actually hijack someone's account while trying to build things for the community.
Then, of course, there's the fact that you can generate a second posting key in the CLI wallet and use that instead. If SteemPower ever becomes untrustworthy, then you can revoke that key.
You are correct in saying that you could ask the same on Facebook or whatever - but at least with SteemAccess we are actually taking precautions to NOT store your key until it's used. Then, of course, third-party apps can be authorised safely, because SteemAccess can revoke caps if the third-party app is malicious.
I'm quite proud of this system actually - all of this works without a database at all (seriously - there is no database) unless you count the blockchain as a database. A bit of crypto magic means that we encrypt your key and any parameters needed to perform the action requested by the app, and then we go insane and send this to the app - which can now use the cap to do stuff until it's expired (an expiry timestamp is simply checked against current time - still no database).
When making an HTTP request, you send the URL you're after back to the server. The server then just treats it as a string, decrypts it, checks for expiry or revocation, and then does what was requested and sends back the results.
Your posting key is basically stored with the authorising app, but in a way they can't access it.
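The flow the comment above describes (key and parameters encrypted into a capability, handed to the app, sent back with each request, decrypted and checked for expiry or revocation before use) as an added, stand-alone example. This is not SteemAccess's code; it is a sketch of the same design. Assumptions: the server holds two in-memory secrets (`ENC_KEY`, `MAC_KEY`); the cipher is an HMAC-SHA256 keystream with encrypt-then-MAC so the block runs on the Python standard library alone (a real deployment would use an AEAD such as AES-GCM); and revocation is a server-side set of revoked capability IDs, the one piece of state the "no database" claim does not cover. The posting key and operation names are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Server-side secrets (assumption: held only in server memory, never written to disk).
ENC_KEY = os.urandom(32)
MAC_KEY = os.urandom(32)

# Assumption: the only server-side state is the set of revoked capability IDs.
REVOKED_CAP_IDS = set()


def _keystream(nonce: bytes, length: int) -> bytes:
    """Keystream = HMAC-SHA256(ENC_KEY, nonce || counter) blocks, truncated to length.

    Toy stream cipher so the example needs no third-party library; use an AEAD
    (AES-GCM, ChaCha20-Poly1305) in anything real.
    """
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(ENC_KEY, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _seal(plaintext: bytes) -> str:
    """Encrypt-then-MAC: token = base64url(nonce || ciphertext || tag)."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(nonce, len(plaintext))))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ciphertext + tag).decode()


def _open(token: str) -> bytes:
    """Verify the tag in constant time, then decrypt. Raises ValueError if tampered."""
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < 16 + 32:
        raise ValueError("token too short")
    nonce, ciphertext, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(nonce, len(ciphertext))))


def issue_cap(posting_key: str, allowed_ops: list, ttl_seconds: int, now: int = None) -> str:
    """Bundle the posting key, permitted operations and expiry into one opaque token.

    The app keeps this token, but without ENC_KEY it cannot read the key inside it.
    """
    now = int(time.time()) if now is None else now
    payload = {
        "cap_id": os.urandom(8).hex(),
        "posting_key": posting_key,
        "ops": list(allowed_ops),
        "exp": now + ttl_seconds,
    }
    return _seal(json.dumps(payload).encode())


def revoke_cap(token: str) -> None:
    """Server-side revocation: remember the cap_id so later uses are refused."""
    REVOKED_CAP_IDS.add(json.loads(_open(token))["cap_id"])


def use_cap(token: str, op: str, now: int = None) -> dict:
    """Request path: decrypt, check expiry and revocation, then perform the operation."""
    now = int(time.time()) if now is None else now
    try:
        payload = json.loads(_open(token))
    except ValueError as exc:
        return {"ok": False, "error": f"invalid token: {exc}"}
    if now >= payload["exp"]:
        return {"ok": False, "error": "expired"}
    if payload["cap_id"] in REVOKED_CAP_IDS:
        return {"ok": False, "error": "revoked"}
    if op not in payload["ops"]:
        return {"ok": False, "error": f"op {op!r} not permitted"}
    # Here the server would sign and broadcast the operation with payload["posting_key"].
    # The key is used in memory only; only a fingerprint goes back to the app.
    fingerprint = hashlib.sha256(payload["posting_key"].encode()).hexdigest()[:8]
    return {"ok": True, "op": op, "key_fingerprint": fingerprint}


if __name__ == "__main__":
    # Constructed sample values; not a real Steem key.
    tok = issue_cap("5Kconstructed-posting-key-sample", ["vote", "comment"], 3600, now=1_000_000)
    print(use_cap(tok, "vote", now=1_000_100))      # ok
    print(use_cap(tok, "transfer", now=1_000_100))  # op not permitted
    print(use_cap(tok, "vote", now=1_003_700))      # expired
    revoke_cap(tok)
    print(use_cap(tok, "vote", now=1_000_100))      # revoked
```

Rotating `ENC_KEY` and `MAC_KEY` invalidates every outstanding capability at once, which is the stateless fallback if the revocation set is lost.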
Thank you very much for a long and thorough answer. I can see that you care about this. Congrats.
I don't have doubts in you or your services. I was simply voicing the most prominent question. And I've got a great answer.
By the way - I consider blockchain to be the database. The mother of all future databases :)