I've been wanting OAuth for stuff like http://calendaraboutnothing.com/. There's no way we should advocate entering GitHub passwords or API tokens into a 3rd party web apps.
Agreed! I want to build our entire community site around Github, but I don't want people to provide their usernames/passwords, and I'd prefer a way to specify whether or not they're providing access to SSH keys, which I don't need.