Beside that, the more possibilities you give to external applications, the more vulnerable you make the system. Either from well intended but badly scripted apps, or through malware.
I think you overestimate the security inherent in the current system.
If the kiva website did not change I could easily write a program to do everything i am suggesting, but since it does change, my app would likely break with every update of the system.
I am not suggesting that they open any more doors, only that they have the same info on the site served up as standard xml, and have a standard interface for lending (which they already have in html, it being xml changes nothing in terms of security).
An xml based app could even ask you who you want to lend to. You could enter your default criteria (kiva's html does not save these) and when you have credit your app could suggest some number, maybe 5, candidate loans that meet your habits, with pictures and all without opening a browser (if some coder feels adventurous we might even get habit tracking ala tivo).
I personally think the site should be simple and have basic features that people need. I think many of the suggestions made at kivafriends are good for the general user and should go in the site.
Auto-loan on the other hand is a power-user feature, and should probably not go on the basic interface. Since the info kiva provides can be marked up in xml, probably more easily then html (it's all dynamic anyway), and since it would allow interface development for power-users to be taken care of without kiva staff having to code it I think it servers kivas interest to outsource this type of feature. I think an xml api might also turn into a goldmine of interesting features for publicizing kiva if their info is more accessible for web mash-ups etc.
