Hacker News
by terri_cat 3330 days ago
Sounds fraught with spam risk
1 comments

It is - it's really based on trust. The truth is anytime you give any credentials to anyone, they can abuse them (to the extent the credentials allow).

For services that don't have something like OAuth to give a token-based credential that is limited in scope/time, the only option is to give full access via username/password. The biggest risk here would be if the other site were to not only spam using the user's account, but hijack it completely, changing the password or even the email account. With a token-based authorization, you can always revoke the token and never expose the authentication of the account.

But since the value of a hijacked Hacker News account is relatively low, it seems to me people might be more likely to trust such a process (assuming it added value). If it was malicious, it would be discovered relatively quickly and the ruse would be over, with little to nothing gained for the effort.