
Yes, I use them. I prefer them to any online service because they are completely under my own control. I do wish that I could securely sync them, but ever since Firefox completely broke the security of their Sync system, there's nothing I can rely on to safely sync for me. It's not a huge deal



Can you expand on "Firefox completely broke security of Sync"? Do you have a specific incident in mind, or an architectural change, or...?


The old Firefox sync protocol used secure keys to encrypt user data; the new protocol uses one's Firefox account password to encrypt it. A memorable password is a low-entropy password, which means it is an insecure encryption key.

Mozilla's protocol purports not to reveal passwords to Mozilla itself, but the security of the system rests on Javascript files delivered from … Mozilla. They can, if they wish, target a user and serve him suborned Javascript which sends the plaintext password back. Unlike a tampered build of Firefox itself, which might actually be noticed, this could be a one-shot attack.

Worse, not just Mozilla as an organisation can do this: it can be compelled to do so on behalf of any government which has the power to compel it (or those employees capable of targeting someone).

It's a terrible, terrible change.
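The entropy argument in the comment above, worked through as an added example (not code from the thread or from Mozilla's Sync implementation): a key drawn from the OS CSPRNG is compared with a key derived from a human-chosen password via PBKDF2, and the expected time to exhaust each keyspace is estimated. The iteration count, the guess rate and the dictionary sizes are constructed assumptions for illustration, not measured figures.

```python
import hashlib
import math
import secrets

# Constructed parameters (assumptions for illustration only): a common PBKDF2
# work factor and an assumed raw SHA-256 guessing rate for one commodity GPU.
PBKDF2_ITERATIONS = 100_000
GUESSES_PER_SECOND = 1e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_key() -> bytes:
    """Old-style: a fresh 256-bit key from the OS CSPRNG (about 256 bits of entropy)."""
    return secrets.token_bytes(32)


def password_key(password: str, salt: bytes) -> bytes:
    """New-style: a 256-bit key derived from a human-chosen password.

    Stretching makes each guess cost PBKDF2_ITERATIONS hashes, but it cannot add
    entropy: the number of candidate passwords stays whatever the human picked from.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def dictionary_entropy_bits(dictionary_size: int, words: int) -> float:
    """Entropy (bits) of a passphrase built from `words` picks out of a dictionary."""
    return words * math.log2(dictionary_size)


def years_to_exhaust(entropy_bits: float, work_per_guess: int) -> float:
    """Expected years to search the whole keyspace at the assumed guess rate."""
    guesses = 2.0 ** entropy_bits
    seconds = guesses * work_per_guess / GUESSES_PER_SECOND
    return seconds / SECONDS_PER_YEAR


def compare(dictionary_size: int, words: int) -> dict:
    """Side-by-side risk estimate: random 256-bit key vs password-derived key."""
    pw_bits = dictionary_entropy_bits(dictionary_size, words)
    return {
        "random_key_bits": 256.0,
        "random_key_years": years_to_exhaust(256.0, 1),
        "password_bits": pw_bits,
        # Stretching is credited to the password-derived key; it still loses badly.
        "password_years": years_to_exhaust(pw_bits, PBKDF2_ITERATIONS),
    }


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # constructed salt
    k_old = random_key()
    k_new = password_key("correct horse", salt)  # constructed sample password
    print("random key   :", k_old.hex())
    print("password key :", k_new.hex())
    # One dictionary word (assumed 50,000-word list) vs a four-word passphrase
    # from an assumed 7,776-word list.
    for dict_size, words in ((50_000, 1), (7_776, 4)):
        est = compare(dict_size, words)
        print(f"{words} word(s) from {dict_size}: "
              f"{est['password_bits']:.1f} bits, "
              f"~{est['password_years']:.2e} years to exhaust; "
              f"random key: ~{est['random_key_years']:.2e} years")
```

The point the numbers make is the one the comment makes: PBKDF2 multiplies the cost of each guess by a constant, whereas a random key multiplies the number of guesses by 2^(256 - entropy_of_password), which no realistic work factor can compensate for.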


Curious how that's a security issue? Bookmarks are just public links, so there's no problem if someone sniffs them out, right?

Do you mean if a site stores cryptographic information in the url? Or is it the act of syncing with your local machine that introduces surfaces of attack on your local system?


Firefox Sync used to be protected with high-entropy keys; now it's protected by a (likely) low-entropy password. Moreover, even if one uses a high-entropy character sequence as a password, Mozilla are able to target one with malicious JavaScript and snarf that password at will.




