It might make more sense to allow non-sensitive RPC commands to function without a password, where "non-sensitive" would be getblockcount/getdifficulty, maybe getnewaddress/getaccountaddress, and a new 'you clicked on a bitcoin: URI so pop up a payment confirmation dialog'.
That's a very good point. I guess I'm too used to thinking in terms of desktop applications that don't have a bunch of money attached to them.
In which case, I could create a patch where:
1. The non-sensitive commands you mention are accessible without a password.
2. The RPC server is enabled by default, but without a password only non-sensitive commands are accessible.
3. An additional -noserver option forces the RPC server off, even for non-sensitive commands.
Does that sound better?
(The Bitcoin URI command sounds like something that should be dealt with in a follow-up patch.)
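
The three rules proposed above can be expressed as a single authorization gate. This is an added sketch, not part of the original post or the Bitcoin code base. `RpcConfig`, `Authorize`, `Decision` and `EqualConstantTime` are hypothetical names, and the allowlist includes the two "maybe" commands from the thread as an assumption.

```cpp
#include <cstddef>
#include <set>
#include <string>

// Commands the thread names as candidates for password-free access
// (assumption: the two "maybe" commands are included).
static const std::set<std::string> kNonSensitive = {
    "getblockcount", "getdifficulty", "getnewaddress", "getaccountaddress"};

enum class Decision { Allow, DenyServerOff, DenyNoPasswordSet, DenyBadPassword };

// Hypothetical configuration holder for this sketch.
struct RpcConfig {
    bool noserver = false;    // true when -noserver was given
    std::string rpcpassword;  // empty means no password is configured
};

// Compare two strings without returning early at the first differing byte.
static bool EqualConstantTime(const std::string& a, const std::string& b) {
    unsigned char diff = a.size() == b.size() ? 0 : 1;
    for (std::size_t i = 0; i < a.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ (i < b.size() ? b[i] : 0));
    return diff == 0;
}

Decision Authorize(const RpcConfig& cfg, const std::string& method,
                   const std::string& supplied) {
    // Rule 3: -noserver turns everything off, non-sensitive commands included.
    if (cfg.noserver) return Decision::DenyServerOff;
    // Rule 1: allowlisted commands need no password.
    if (kNonSensitive.count(method)) return Decision::Allow;
    // Anything not on the allowlist is treated as sensitive (default deny).
    // Rule 2: with no password configured, sensitive commands are unreachable.
    if (cfg.rpcpassword.empty()) return Decision::DenyNoPasswordSet;
    return EqualConstantTime(cfg.rpcpassword, supplied)
               ? Decision::Allow
               : Decision::DenyBadPassword;
}
```

Checking the empty-password case before the comparison keeps an unset password from matching an empty supplied one, so a default install never exposes sensitive commands.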