Yeah, I’m sure thousands of people having to register their own app makes sense.
And you’re missing the main point here, which is in what way is it more secure to change the whole auth process to go through a third-party server (which would be much more at risk of leaking a large amount of login data, if it were to happen at all), when the only way for a token to realistically be leaked would at the same time also leak all the other credentials needed to refresh the tokens through the third-party server, since they would all be stored locally in the same place anyway. It’s not about being lazy or not wanting to change, I’m all for making things better and more secure (hence me considering all the options and writing long posts about my thoughts on it). I simply don’t see how it does make it more secure for an app of this kind, except for the very rare occurence of accidentally showing your token on stream or if an attacker that has access to that leaked data is too lazy to figure out how to make a request to the third-party server.