Using UDIDs for authentication isn't a good idea for a serious app. Even if it were unspoofable, devices aren't users. Users have iPhones and iPod Touches and iPads; they upgrade; they sell devices to other users.
Let me rephrase - if I were making a game, I wouldn't bother with a username and password. What's the point? Just ask for a nickname when entering the high scores :)