On a lot of IndieWeb sites, I noticed that profile images of webmentions get directly embedded from their original source. For example, Twitter profile images are loaded directly from Twitter servers (pbs.twimg.com) or even my profile image is directly embedded from my site.
There are some online services that use email login. This means that instead of a combination of user name and password, only the email address is entered and a login link is sent to it. Basically, this is a good option to increase security a bit. The service only needs to store a list of email addresses instead of the corresponding password (hopefully encrypted and hashed) for each user.
The openness of the system is often praised as one of the main reasons for Android enthusiasts. You can install apps not only from the official store (Google Play) but also from other sources. But isn’t that like running a Windows computer without a virus program?