For regular user it is very hard to tell if app is using your key only locally to sign transactions or is it sending that key somewhere and storing it online for malicious or ignorance reasons.
SteemConnect v2 is going to solve most of such concerns, it is an awesome service that would help both developers and users.
I'm looking forward for wider adoption.