WW... I'm not on goko and not prejudiced in their favor, but I maintain an insurance company's website for a living. Couple observations...
1. It's not a fair question to ask if everything is "good security-wise". That's like asking your doctor if you're 100% healthy. What doctor can test you for every single possible disease and abnormality? What doctor is a specialist on every organ of the body? Especially if you don't have symptoms.
You can ask a doctor if this skin spot is cancer, or what it means to have a fever and chills... I.e. specific questions. And so too with goko... you can ask if credit card info is saved on their site, if it's encrypted, if players can hack to see their opponents' hands, if you can trick the game into buying platinums on turn 1, etc. Those are questions that can be answered. So I would encourage you to write out every specific thing you can think of that you are concerned about, so we/goko can go through them 1 by 1.
2. It sounded like you were concerned that somehow a hacker was going to punch through goko and take over your computer. This, frankly, is totally unrealistic in today's internet. You are vastly undermining the armies of security professionals who work for (a) internet servers (b) web browsers and (c) operating systems. (Not to mention firewalls and anti-virus companies.) All 3 are continually being patched/updated to deal threats that came out last week.
I'm not saying it's impossible to have your computer taken over... That is possible if you go to a site that is intentionally trying to do that... What I am saying is that there are multiple layers of security built in to the way the internet works in 2013. There are at least 3 levels of checks that stop websites from running code directly on your computer... And these checks are maintained by non-goko companies. In other words, even if goko was no more secure than a cardboard box, my browser, google chrome, itself prevents all websites from accessing any data or running code outside of the tab the site is in without my permission. They can't even access info from other tabs in chrome, let alone delete files off my hard drive or install a program.
3. Security and bug-fixing is very much like an immune system. You get the flu, body develops a response, then you're immune to that strain. Kids are sick all the time, developing immunity that serve them for the rest of their life.
Programming is the same way. New software is buggy, someone gripes about a bug, programmers fix it, never an issue again. Hell, StarCraft 2 Heart of the Swarm came out yesterday, and there was a patch for it today... And that's with one of the best game companies in the business. Even Blizzard couldn't catch everything before release day.
What goko can be criticized for is that they let the public (beta testers) see things too early. They launched with too many bugs. This was a marketing mistake.
But they have been fixing them. You can't buy platinum on turn 1. The "immune system" is working.
4. My sense is that this isn't really about specific security questions, but rather a much more esoteric issue... Reputation. For you, goko's reputation took a hit last summer. They've made a lot of fixes to their system, but you are unwilling to forgive them or even give them a fresh look as if you first heard about them today. I'm not saying you don't have your reasons or aren't justified, I just think you should at least recognize this thread for what it really is... "I'm WW, I don't trust goko (and you can't make me)"
No, we can't. All I can request is that you be fair. Last July 4, the company responsible for the San Diego firework show had a bug that simultaneously shot off all their $500,000 worth of fireworks in 20 seconds. You can YouTube the event. They investigated the cause and gave a detailed report about the problem. Now this year cities have two choices: they can use this company and assume that they worked the glitch out and their show is more robust for it... Or they can hire another company, because, you know, company b has never had a glitch, and company a had a big one.
My question is: Is it fair to boycott company a after they acknowledged and fixed their glitch?
Anyway, hope this helps.
All the best....
David