Looks really good. If it wasn't for javascript's cross origin protection, it would be possible to do all of this client side (which would mean that credentials wouldn't need to be sent to a third party). Haven't spotted a route around that yet.

On the other hand, I noticed that the if-this-then-that system is obviously given an OAuth style authentication to the evohome backend meaning that you don't need to give them your username and password so maybe this shows the direction Honeywell are going with allowing other applications access to the evohome data.