That doesn't actually avoid the problem though. If someone else finds out your password then they can authorise a site that you're not aware of and keep (some) control of your account through that site until someone tells you to manually check your OAuth connections page and revoke access. That's hardly an ideal situation and is still a security issue.