Major Security Boo-Boo
Personally, I’m a fan of content providers issuing PKI certs to users. A compromise of your public key doesn’t compromise your account unless they can get your private key, too. As long as we rely on username/password, the ability to harvest credentials through fraud will always exist.
That said, username/password is considered “good enough” for my bank; it is my responsibility to check the site to which I am connecting (a non-trivial task considering how often they merge and change their name).
Hutchmistress of the Fluffy Bunny Brigade [FBB]
Sounds like a potential problem. Having separate login and account-access methods could add some security, maybe. One way would only allow playing of the game, for example, and the other way would allow for everything else with the account. Food for thought.