Yes but but if marketing drives their security decisions, where else do they leak? What data do they sell? If they play lose with security, in what areas do they also play lose with your security? With your login email? Payment data? Do they sell your credit history? How do they vet their employees?