@Tanvi_Mittal security of your account when using Ditto is something I’ve thought a lot about, and so I try to keep hold of as little data as possible (one reason why all data relating to a transfer is removed automatically after 36 hours).
Ditto uses an OAuth token to access Asana on your behalf, rather than a password. Ditto keeps that token around long enough to complete the transfer, but afterwards it’s deleted. If you are concerned about this you should de-authorize Ditto completely in your Asana account settings - I don’t think changing your password will make any difference, as Ditto will still be authorized as far as Asana is concerned.
I think good security ‘hygiene’ is an excellent habit - I know I have authorized loads of apps to access my Twitter account over the years for example, and it’s good to review these permissions and clear them out if you don’t plan on using the service again.
Of course let me know if you do have any concerns, but I’m glad you found Ditto useful!