On the one hand, that's desirable, because the blockchain is open and decentralized. There have been other decentralized social networks out there already for a while (Diaspora*, Friendica) that also have different "pods" or "hubs" in the web (though you can mostly log in only at your "home pod").

On the other hand, of course someone who runs a web frontend could be malicious. Though your wallet keys and passwords could and should all be handled client-side (in javascript), an evil web administrator can of course serve a modified version that sends home your passwords and keys.

But you also have to trust the guys who run steemit.com that they don't secretly store your private keys and passwords.

That's why the best solution for a blockchain-based social network would be its own client, its own app to install and run.