Jim, What you're suggesting is basically what they offer with OAuth. Apps are given a token to represent logins and a secret key to represent passwords for their authenticated users. Both are very long and impossible to guess. This mechanism works very well and basically corrects all the issues with collecting actual logins and passwords from users.
Scott
