It's possible but we would have to see the code that is being used on the web page. If it is open source and we can review that the keys are generated locally on the users browser then it's unlikely. However if the user receives the keys by other means (like email) then it is possible for the third party to keep a copy of the keys.
You are viewing a single comment's thread from:
The published open source code (if there is any) may not be the actual code that runs the web site. Also, the owners of the site can change the code at any time, and there is no way for us to know what code was used at the time of creation of community321 account.
That's the problem with trusting webapps, and it applies to any web application that asks for keys (steemit.com, steemitwallet.com etc. — they too could have been temporarily compromised at some point in the past).
That is true, only if you inspect the code running on a web app can you have some security but not everyone has the necessary knowledge to do it.