I often get this question from customers for legitimate use.
See this Chilkat blog post on the topic: http://www.cknotes.com/?p=349
1) You should only be writing an app that authenticates with a web site for cases where the web site owner expects it and allows it.
3) If the site owner wishes to allow for programs to authenticate, then the process should be publicly documented, or you (the app developer) should be in direct contact with the web site owner to gather the information required to accomplish the task.
The answer is in the question above..