Think they really should have done it the other way around. We already trust steemit.com with our active key, keep that one as wallet site and make a new social.steemit.com that we only need to trust with our posting key. This way I fear it might open up a phishing hole.