My copy pasta is better
feel free to debug any sorts of connections going from the client to the runemate server. you'll find that the only time it's transferring your accounts login information (IF you enter them into the client) are encrypted. they're encrypted with your runemate login credentials (maybe amongst other things, idk). Technically arbiter could use the rm credentials you're sending to the server by logging into the client to decrypt your players credentials.
Let's ignore that this is already extremely unlikely, but okay, it is a minor security flaw.
Now arbiter has hundreds of thousands of player account credentials. What's he gonna do then, just pick random ones? or go after a specific runemate user? there isn't even a guarantee those credentials are valid.
Runemate sends very few information such as gp in inventory, any rings of duelings equipped, or a part of your quest list, in order to build navigation paths using runemate's web. this data isnt even mapped to a distinct player you've added to your client, just to your runemate user.
Lets assume he'd go by the accounts with the most wealth currently in the inventory by using the data of a completely different service (it's getting more and more ridiculous as you can see). Now if arbiter logged into these accounts, you would see a lot of users complaining about locked accounts due to suspicious account use, namely differences in IPs, jagex does that pretty easily.
Now i've seen some ban reports, and i've seen some "hacked" reports, but i've never seen a single "account locked" report on the forums.
Please do not feel offended, i really just want to make things clear.
