You are welcome.
Yes, the MSPA website is a place to find legitimate companies who are members of the MSPA. There are a number of legitimate companies who are NOT members of the MSPA as well. That is why you need to look at lists from other sources as well. These are available here, for example, in the very first post of this thread. There is a mostly similar list at Volition.com.
A legitimate company is merely a real company as opposed to the scammers. A typical characteristic of the legitimate companies is that you go to them to apply for work rather than them soliciting you and asking for your personal data by email. (Though companies that use the Prophet4 system sometimes send emails to shoppers signed up with Prophet4 inviting them to their website to sign up.)
Being 'legitimate' is not the same as being good to work for/with. As with anything else in life, the universe of mystery shopping companies includes the good, the bad and the ugly. Hopefully reading this and other forums will help you sort those out for yourself.
As far as social security numbers. A few years ago the SSN was optional to be accepted as a shopper. Few of the websites had security and it was disconcerting to be sending that particular data over the internet unsecured. In some cases you could put in a fake SSN, such as 000-00-0000 and supply the data later if/when you were actually working with the company. With more and more companies providing secure websites you are likely to find that 000-00-0000 does not work or returns that "you have signed up already" because someone else used the number. This is a business of mutual trust, so if you see a secured website, I would encourage you to use your correct SSN. Some companies will not accept you as a shopper without it while others are not likely to allow you to work for/with them without your number on file.
Market Force is a legitimate company. It has 3 branches, each requiring a separate sign up. The green 'portal' I have not seen work on in quite some time, though they may have some tax shops these days. The purple 'portal' mostly does theater checks and merchandising. They are still referred to as "Certified" and there are several threads here about them. The 'blue' portal mostly does fast food and other small shops. These days they are loaded with tax shops. Most of the discussions here about the 'blue' portal just refer to them as Market Force or MFI.
Coast to Coast, with whom you have signed up, is mostly or entirely a scheduling company. This means that they are trying to find shoppers for jobs for other companies rather than generating work on their own.
We have to assume that our information will be kept secure and confidential by the companies with whom we sign up, though unfortunately that does not happen 100% of the time. You know that old saying that, "The exceptions prove the rule?" There generally is enough shopper yelling when personal information has been compromised that you know it doesn't happen often due to the relative silence. But compromises of data can happen anywhere, any time. A friend is currently battling with the banks because his wife recently died. Suddenly her credit card number was being used for charges worldwide. The police expect that someone in the information chain starting at the funeral home, compromised and sold the information. (For a death certificate you are providing that critical information--social security number, date of birth, place of birth, parents names including mother's maiden name, etc.)