Realize that all it says is: password (not posting keys, active keys, etc.) If anything, it looks like a phishing attempt to get master passwords.
and that 95% of people will have to do this by hand on their mobile. A simple QR code scanning just like steepshot does would have worked great.
We are aware of all these points zappl is being done in phases. We will make sure to put a post key warning in on next build. It takes a while for these builds to be approved some up to 24 hours.