I checked to see if there was a subgroup that would better address the question but I didn't see one. I also scanned the related questions, but none came close.
When logging in to stackexchange.com, superuser.com, I can
- supply my own email and password,
- or I can click on a "Login using..." link.
Here's the question: how risky is it to click the "Login using..." link, either here or on other sites?
What am I hoping for in the answers? Answers that answer from two points of view, 1) from those taking the high road, or 2) from those other, rogue programmers. Things like,
• What is in the page code that allows me to click a link and get logged in without providing a password?" It may seem obvious, but from my perspective, it's not. It puts me on edge because some scary unknowns arise. (What's not obvious is where superuser.com or stackexchange.com gets a) my email-password combination or simply b) a flag somewhere that says, "Some time previously in this person's browser sessions he's authenticated himself and has proved he's the person he claims to be.")
• In its authentication of me, does it somehow get access to my other account that's getting used to authenticate me?
• Even though it can't or won't access my stuff, can it access my stuff?
• Here's the scarier question: Will other sites [have | not have] access to my stuff, or does that depend on the level of code on those other sites' pages and the good or bad intentions of those individuals behind those pages?
It's complicated to try to ask and explain. I hope I've been clear.