As far as I understand it, there are ways to live source a website's code. If that's the case then perhaps it would be possible to have people trust the site not to steal credentials? Possibly along with general reputations of different websites this could be possible. Also, if you exclusively use posting keys, the risk would be limited to a malicious site posting something from your account, which I do not particularly see as worth the time and effort to design and maintain a site, but I may be wrong.