(Context: I'm the cofounder of a pre-launch site called Boffery, a visual private diary of a user's sex life.)
Everyone tells me that, and everyone is right. There's one service I'd love to partner with if I ever got the chance. Hopefully you'll never need to use this, but inSPOT is getting popular in the Bay Area as a way to discreetly tell people you may have given them an STD: http://www.inspot.org/gateway.aspx
Ha, yes, that's a major concern for us. We lucked out and found some very experienced people who've worked with federal financial data. We're assuming major security threats from (before) Day Zero.
One advantage is that all Boffery accounts are private. No one knows you have an account on Boffery unless (1) they email you a friend invitation on the site and (2) you accept. While this only protects against certain forms of attack, it does make us a slightly less inviting target. There is no Barack Obama or Kevin Rose of Boffery until they choose to publicize their accounts elsewhere.
Plus we will not use a dictionary-searchable admin password. Ha.
I'm sure I will waste all my karma this fall asking HN to pick apart our security plans. But for now, I just wonder if choosing sex as the test of this sort of high-security, process-intense visual social network format wasn't just the thing to keep us from scaling TOO fast to keep up with reliability and security.
