I've been struggling (wasting) a lot of time with some problem. Let me describe it.

I have a mobile HTML5 app and I want to integrate it with Salesforce (basically, I want to use it as a database). I need to implement the user profile feature and store the user's details somewhere on Salesforce. A user of my app doesn't have a Salesforce account. All the interactions between Salseforce and my app must be hidden from the user. However, it seems like there's no way to use your REST API without OAuth. OAuth is a security implementation that allows users to access their Salesforce data without having to enter their password, so it's not suitable for me at all. I want to "register" my app on Salesforce, so it should become "trusted". The question is how do I securely use the API without OAuth?

I managed to find that thread (the author's problem is similar to my problem), but no-one answered it: http://boards.developerforce.com/t5/APIs-and-Integration/Access-to-REST-API-SALESFORCE-using-username-and-password/td-p/332731

I also found an article, which describes how to create an "anonymous" API, but such an API has no protection at all (without additional efforts) so everyone can read/amend/delete my data: http://www.wadewegner.com/2013/03/creating-anonymous-rest-apis-with-salesforce-com/

Currently, I'm thinking that this approach is the only way to go. I can protect (sort of) my app by using a secret key, so when my API recieves a request, it must verify whether the requester provided the correct key; then the API can decide whether to reject or accept the request. This approach requires a lot of work, though.