How safe are contacts importer scripts?

I’m looking into using a contacts importer script in my site (see here). Would be a great way to improve the number of recommendations to our site, and we don’t have much time to develop our own to run a special promotion. So this looks like a nice option, but I’m concerned about the security of my visitors data.

  1. How safe are these type of scripts for end users that are typing their passwords in my site?
  2. How easy would it be for someone to hack my site and get the passwords as they are being sent?

Any suggestions to make this more secure are appreciated.