That's true, or they could just have an API key generator on login under the more button or something so we don't have to worry about exposing any account info.
I was just thinking, when (if) this gets added, could the packet be changed so that the bot providers cannot change our info (without our API key), while still allowing users to send the packet to change our own?
Then, with the API key (or token, in your post @Admin), bot providers can have a place where we input the API key on their site, which lets them change our info only if we mean for them to.
Because as of now, bot providers can change our info without consent (if we have the power enabled), even if it's only until refresh.