At least at one point, Mint used an information clearinghouse by Yodlee that (by my understanding) did not require indefinite storage of actual login credentials for continued service, at least not for all target banks. Instead, after initial authorization, Mint held its own persistent delegated read-only credentials -- but not full read/write and login capabilities. This was essentially like the OAuth-style solution this author advocates (though using a system, Yodlee, that long predates OAuth itself).
I could be wrong about any of this, but I believe this was what allowed Mint to say, among other things, that they could provide your financial information without even knowing your name, and that no possible compromise of their servers could result in bank transfers.
Mint's current privacy info is insufficiently detailed to know if they still use this approach. They say "your bank login credentials are encrypted", suggesting that they retain 'login' abilities, but that might be a simplification or fallback (when the read-only delegation is unavailable).
Unfortunately, describing security in more detail often confuses and unnerves customers more than just saying the magic words that make people feel safe. So most companies, whether they are good or bad at security, oversimplify in their descriptions. (That is: the public descriptions that are most true and useful to knowledgeable users won't win an A/B test, maximizing either conversions or feelings of trust, with most customers.)
Yodlee's a big screenscraping shop (I remember rumors of having large teams dedicated to just keeping the scripts updated). I don't see how any delegated credentials could work in that case.
Mint has switched to Intuit's backend (there was a thread on Quora about this) but I doubt their approach is any different since a lot of banks just don't offer any OFX/other APIs.
I think the argument is that Mint would not need to store the users' raw bank credentials. Yodlee does need to hang on to the raw credentials, but Mint (when they were using Yodlee) only needed to pass them through to Yodlee in exchange for a token.
My assumption was that once Yodlee proved they weren't going away, they could strike privileged deals with banks that obviated the need for screen-scraping, to the mutual security benefit of everyone.
Update: Here's an old thread where I had questions, and a link provided by timf contributed to my understanding above: http://news.ycombinator.com/item?id=412715