A note on OpenClip
Using this, an app can read any saved authentication information in any other apps — for example, an app could steal your Flickr API key from any other apps that you’ve trusted with access to your Flickr account. Or an arbitrary app could read saved passwords from a password-manager app.
I don’t think it would be possible for another app to steal your app’s access to Flickr. Your secret key would be hardcoded in your app and short of some magic crawling through the binary, noone could send a message as you, even if they had your api key (easy to get for an app as it’s clear text in your POST/GET) and they pulled the user auth_token out of your app’s data directory. (Hopefully Richard will correct me if I’m wrong about this).
As for a password manager app, God help you if your password manager is storing stuff in plain text. OnePasswd sure doesn’t. And if the iPhone has Keychain, noone with a brain should. In fact, if the iPhone has Keychain, hopefully your app accessing Flickr put the user auth_token in there.
