If you are paranoid like me, you can make a posting key that should allow you to log into the steemit.com website without entering the private key that grants full control of your account.
First, make a new key pair with suggest_brain_key, let's imagine it looks like this:
suggest_brain_key
{
"brain_priv_key": "BUNCH OF WORDS NO ONE HAS EVER UTTERED",
"wif_priv_key": "5STEEMPOSTINGPRIVATEKEY",
"pub_key": "STMPOSTINGPUBLICKEY"
}
Now, save the private key (wif_priv_key) securely.
Take the public key (pub_key and use it as the 5th argument to update_account.
We'll pretend we are updating the account steemit:
update_account steemit "" STM65wH1LZ7BfSHcK69SShnqCAH5xdoSZpGkUjmzHJ5GCuxEK9V5G STM65wH1LZ7BfSHcK69SShnqCAH5xdoSZpGkUjmzHJ5GCuxEK9V5G STM65wH1LZ7BfSHcK69SShnqCAH5xdoSZpGkUjmzHJ5GCuxEK9V5G STMPOSTINGPUBLICKEY STM65wH1LZ7BfSHcK69SShnqCAH5xdoSZpGkUjmzHJ5GCuxEK9V5G true
In this example, the owner of the steemit account would sign in to steemit.com with the the private key 5STEEMPOSTINGPRIVATEKEY.
So if there is some spyware in one's browser, the most it can do is post some spam and not actually spend any STEEM owned by the account.