As long as Steemit does not offer an authentication service, third-party server-side solutions which handle keys and/or passwords will definitely be a security problem. Also, determining which service is trustworthy simply is not possible.
I can think of a work-around, however.
Let's say a third party service shall be able to create posts. This service could just store new posts and flag them as unpublished.
Then you would have to tie this service to a pure frontend solution (for example a mobile app), that is a hundred percent open-source and works as a middleman.
This app should store the required keys on your device only, fetch the unpublished posts from the third party service and submit them to the blockchain.
If you do it this way, your keys would never be shared.
RE: Proposal To Make Steemit Safer