I agree. Personally, I'd like to move api over to OAuth2.0, although this may require a bit of discussion. The current API has a number of issues which OAuth2 would go a long way to solving.
Actually wrote a Known plugin that does this some time back, so it may be worth adopting that and cleaning off the bitrot.
@benwerd, what are your thoughts?