Sure but the alternative we are talking about here is encouraging developers to paste their API keys into random web pages.
I don’t think we should accept the argument that since implementing a respectable authorization scheme might take a bit of effort, it’s okay for sites to ask users to just hand over their password.
I don’t think we should accept the argument that since implementing a respectable authorization scheme might take a bit of effort, it’s okay for sites to ask users to just hand over their password.