so, I was talking to my friend a little while ago and he told me that he saw my main char on runescape and i wasn't answering.... but i usually don't auto on my main and i'm wondering if it could be a mistake of accidentaly putting him on my script's list or maybe someone or if he's just telling me this to scare me....

i changed my password and went on to my account... nothing seemed to be gone from my bank or anything

any ideas on what might be happening?

You yourself say "usually" maybe he saw you one of those "unusual" times? Just check your scripts and make sure you didnt declare your main in them, the only way someone could steal your pass with scar is if in the code it sent the script to a url where someone else could take it, but that would take some time to set up AND 99% of the active people on this forum are nice people who do this for the better of the community and the 1% arent good scripters...

There's really only two options for what happened, as I see it.

Your friend is lying to you and he really did not see your account in the game when you weren't on it.
Your friend is telling the truth and someone else somehow gained access to your account. Maybe a sibling did it, or maybe someone else guessed your password, recovery questions, or some other form of account security.

EDIT: I guess the above post could be true if you think you've included your account in the DeclarePlayers section of the script.

Scar is a dangerous tool in the wrong hands, not to scar (Pun intentional) you.

A script can easily send information about your username and password, but scar will blcok it by asking about the firewall popup. It is highly unlikely that there are any scripts around that does that though.

Just keep checking, when you login, the ip on the top. If it is strange, change your recovs and passwords immediately.

Edit: 9:29,9:29,9:30. We are spontaeneous, aren't we? :p

Scar is a dangerous tool in the wrong hands, not to scar (Pun intentional) you.

A script can easily send information about your username and password, but scar will blcok it by asking about the firewall popup. It is highly unlikely that there are any scripts around that does that though.

Just keep checking, when you login, the ip on the top. If it is strange, change your recovs and passwords immediately.

Edit: 9:29,9:29,9:30. We are spontaeneous, aren't we? :p

Im fastest! But least readable =D