Omniwallet is not built like most other web applications. We built Omni from the ground up with security in mind. First of all, as a rule omni never sends your password to the server. Your password is only used locally to unlock your private key(s). Speaking of keys, they are also not stored un-encrypted on the server.  https://github.com/mastercoin-MSC/omniwallet/blob/master/design/login.md

Continue reading here as we  go through our login and send transaction workflows with a technical eye.

-Shannon

Mastercoin Security.