The password anti-pattern. What I don’t understand is why Google / Yahoo! / other webmail providers haven’t just deployed a simple OAuth-style API for accessing the address book. Sites have been scraping them for years anyway; surely it’s better to offer an official API than continue to see users hand out their passwords?
Sign in with 
OpenID
After a quick glance I wouldn't call Google's authentication for web apps simple, but it does exist. I'm told this API would allow a service to access your contacts in a secure way.
That would certainly do the trick (as would Yahoo!'s BBAuth), but as far as I know neither Google or Yahoo!'s APIs actually include access to the address book, which is what the scraping sites are looking for.
Looking more carefully, it seems you're right. Obviously I was misinformed.