Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html