We've just deployed
https://gerrit.wikimedia.org/r/#/c/102618/ which
implements the identify method as part of our OAuth handshake with
meta.wikimedia.org. This is a much more secure way of using
pseudo-authenticate with OAuth, so everyone can rest easier that their user
names won't be hacked.
As always, let us know if you run into trouble.
Dan