[seandougall]

How would OAuth help? The problem is training users that it's okay to enter their username and password into any schmuck's app... which is exactly what they'd be doing with OAuth. OAuth and its ilk are neat ways for honest app developers to avoid touching user credentials, and therefore (presumably) would have been a better solution for Sunrise, but they offer no protection against phishing in a native app.

Of course, OS X Authorization Services prompts for keychain access with a standard dialog that just pinky-swears it comes with the OS's blessing, so maybe Apple's approval of this practice shouldn't come as such a surprise.