I would tend to agree that a lot of "random" sites asking for your online banking username/password is not ideal. This is potentially a step in the right direction since it's "iframed" so the host site presumably never has access to your credentials. But then you have to worry about who Dwolla (or Plaid) is which I'm guessing most of America doesn't.