We've just deployed https://gerrit.wikimedia.org/r/#/c/102618/ which implements the identify method as part of our OAuth handshake with meta.wikimedia.org. This is a much more secure way of using pseudo-authenticate with OAuth, so everyone can rest easier that their user names won't be hacked.
As always, let us know if you run into trouble.
Dan
wikimetrics@lists.wikimedia.org