Well without a unique ClientID for apps you can't really do OAuth/OpenID stuff, there's no way to register for one of those that I can see.

I'd love for an OAuth or OpenID endpoint to be added to support at least basic web-app pairing; with that a lot of the other API functionality would fall into place almost automatically since the site is already so heavily JSON based.

Honestly just keep building the site using JSON and client-side formatting, and 99% of the work for an API is already done, you don't even need to 'officially' support any of it beyond the authentication endpoints that'd be needed, just make old API calls return an error if ya' replace them and web-apps can adapt while you're still sorting out the site fully.

...there's a dedicated download button right now?

I just right-click (or long-press on my phone or tablet) and pick 'Save Image' already, so removing a button I never knew existed would make zero difference to me.

And if a site even remotely attempts to block right-click or the like I (and most others I know) have numerous tools to block those attempts entirely already.