When I return to the site after a few hours - or even a few days - I see that I am still logged in. I accept that it is my responsibility to log out if I want to be logged out. However, for the sake of user security and the trend towards financial webapps to automatically signing out users would be a security bonus for your users/customers.
I'm no expert, but ways to do this may include:
* shortening the validity of the cookie that allows the site to identify the user
* client-side sign out after a period of inactivity (could be interfered with so this shouldn't be the only component of a solution)
* server-side sign out after a period of inactivity
Thanks for an otherwise excellent product!