I mean you can believe what you want...
if it makes you feel better to believe that runemate got hacked, instead of accepting that you were uncautious and got hacked on your own, then so be it
feel free to debug any sorts of connections going from the client to the runemate server. you'll find that the only time it's transferring your accounts login information (IF you enter them into the client) are encrypted. they're encrypted with your runemate login credentials (maybe amongst other things, idk). Technically arbiter could use the rm credentials you're sending to the server by logging into the client to decrypt your players credentials.
Let's ignore that this is already extremely unlikely, but okay, it is a minor security flaw.
Now arbiter has hundreds of thousands of player account credentials. What's he gonna do then, just pick random ones? or go after a specific runemate user? there isn't even a guarantee those credentials are valid.
Runemate sends very few information such as gp in inventory, any rings of duelings equipped, or a part of your quest list, in order to build navigation paths using runemate's web. this data isnt even mapped to a distinct player you've added to your client, just to your runemate user.
Lets assume he'd go by the accounts with the most wealth currently in the inventory by using the data of a completely different service (it's getting more and more ridiculous as you can see). Now if arbiter logged into these accounts, you would see a lot of users complaining about locked accounts due to suspicious account use, namely differences in IPs, jagex does that pretty easily.
Now i've seen some ban reports, and i've seen some "hacked" reports, but i've never seen a single "account locked" report on the forums.
Please do not feel offended, i really just want to make things clear.
TLDR: even if (and thats a big fucking if) the recent downtime involved a huge database leak, there are encryptions in place that prevent anyone from reading your account information.
