We've just deployed https://gerrit.wikimedia.org/r/#/c/102618/ which implements the identify method as part of our OAuth handshake with meta.wikimedia.org.  This is a much more secure way of using pseudo-authenticate with OAuth, so everyone can rest easier that their user names won't be hacked.