I guess the only way I could see these “import” features really working well would be to compartmentalize: In GMail for example, have a way to allow access only to (approved) contacts, and only with a password or passphrase that’s separate from your main login.

That way you at least have some control over what these sites see/do/reveal once they’re logged into your GMail/etc. account

My email to them:
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Subject: lack of SSL

I noticed that the pages you have to import contact information from other sources (specifically for me LinkedIn and GMail) are not
encrypted.
I am not comfortable putting in my password information on a page that isn’t secured by at least 128-bit SSL.
=-=-=-=-=-=-=-=-=-=-=-=-=-=

Their reply:
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Good catch. However, anywhere you place your PW or any type of authentication to Plaxo plus any other sync point are in SSL. When transferring data such as data syncs between LinkedIn or GMail, those are not in SSL. Why? Because they don’t support it. In fact, all sites like Yahoo and Hotmail practice the same method – it’s only when you’re signing in or when changing password (actually, anytime credentials are requested) is when the SSL pages are used. And because we have to work with their sites, we must abide by their protocol.
=-=-=-=-=-=-=-=-=-=-=-=-=-=

What? I use Greasemonkey to force SSL for every single page I view in GMail. I know it’s possible.