Omniwallet is not built like most other web applications. We built Omni from the ground up with security in mind. First of all, as a rule omni never sends your password to the server. Your password is only used locally to unlock your private key(s). Speaking of keys, they are also not stored un-encrypted on the server. https://github.com/mastercoin-MSC/omniwallet/blob/master/design/login.md
Continue reading here as we go through our login and send transaction workflows with a technical eye.