Fight your way out; only scrubs and mashers jump out of the corner
I would whip up a REST api that would allow third party developers to create apps that interact with Bungie.net.
With an API key validating the app, and oauth verifying the identity of the end user, it would grant access to limited personal information, messages, and track forum activity for threads the user posts in. It would not allow the user to change any identifying information about their profile ( gamer tag, email address, password, etc )
This would be distinct from the ( now deprecated ) Reach Stats API and would focus on one's general Bnet presence.