Google’s AuthSub is a nice solution to some of these cross site issues. I found it easy to authorize and import Google Docs without seeing a user’s credentials or resorting to the ‘benevolent phishing’ maneuver.
http://code.google.com/apis/accounts/AuthForWebApps.html
Unfortunately it’s not supported for all of their APIs yet.