
I think companies should still provide a way to link accounts via small deposits. It takes a few days, but at least you don't have to share your credentials. (This applies to US accounts, maybe there are better solutions elsewhere.)

If you use Plaid, I think it should only be if there's no other option and you change your credentials after. I've always thought giving away your credentials to a screen scraping company like Plaid was crazy.

In terms of the class action lawsuit, the only ones who will see a meaningful payout from this are the lawyers.



Plaid does support this:

https://plaid.com/docs/auth/coverage/same-day/

Their UI makes it really hard to find this option though, because Plaid makes their money from scraping your transaction history, which doesn't work if you do the micro-transaction approach.

As a consumer, I'm not a big fan of Plaid's business model. But to be fair to them, a lot of the security issues come from the fact that until very recently, no US banks had any form of API to allow delegation of access. Based in large part on the success of Plaid, this is starting to change; some institutions are banning Plaid from using the password-based flow, and are replacing this with a more secure OAuth flow:

https://plaid.com/docs/link/oauth/

This is the correct solution to the technical problem at hand. It'll benefit other systems too; for example it should be possible for open-source accounting software to use this flow to export your transaction history in a maintainable way, which previously relied on scraping that's unfeasible for an OSS project to keep up with (but which Mint could afford to implement).

Hopefully the banks let you selectively grant permissions "can view my account list" and "can view my transaction list", or at least surface those permissions, so that consumers can be aware of what they are giving away -- I'd wager that most end users have no idea that Plaid is slurping their transaction history, and would be even more shocked that it's maintaining ongoing access to continue doing the same.


I’ve always refused to use Plaid, thankfully, and go with the micro-transactions route (2 small deposits and withdrawals from your account).



