> i would stay away from asking for very sensitive info > such as "mother's maiden name" or "last 4 #s of your > SSN", etc. these are routinely used by banks and why > would i give this info to a small site w/o having any > assurance that it will be kept encrypted and/or the > machine the database is on is well-protected? if my > mother's maiden name is compomised, it can't be > changed but i still need to continue using it for > banking! smaller independent sites don't care about > security (they'd probably like to but don't have > resources) as much as banks or places like PayPal do. Well pointed out. Question: is it worth detailing what information will be encrypted for the user's benefit? On a site of this nature, I doubt it would affect anybody's decision to sign up, but it might be reassuring for some.