Interesting, the oauth way would probably be the safest way to go. Have you thought about the feature request at all? I understand that there are much more important things to do but just wondering if you've thought of a solution. For example if you know that you will add oauth to support the feature then I'll just implement oauth on my end and swap it later