Two things come to mind:
1) Why do I have to enter http://www.livejournal.com/interface/atomapi ... why not just "livejournal.com" and a) trust the phone adds http, I think it does, b) auto-detect the AtomAPI post, and reroute it to the right handler in mod_perl, and c) make sure our canonicalizer doesn't redirect the AtomAPI post to www.livejournal.com, because that's just unnecessary for a non-browser.
2) we should have an option to have "post-only" passwords, similar to the post-only PINs we have for phone/email posting. hell, maybe use the same one. But I should be able to tell LifeBlog a "lesser" password that can only do the protocol "postevent" and AtomAPI/Blogger equivalents. This also means when you give a password to Flickr/etc, all they can do is post as you, not login, not delete, not change your password, etc.
I'll be at OSCON all week, but I'll happily accept patches. :-)