Frankly, I don't think the solution with a small set of different private/public keypairs is such a very good idea; I do feel uncomfortable giving away my private keys.
There are two other solutions that seem better to me. I wish I could generate a new private key (or, "token") for every service/app(lication)/website I'd like to use, tokens with a given expiry date, and tokens that can be explicitly revoked. I suppose this idea would require a hard fork.
The other option is to not give away any private keys nor passwords to any service/app(lication)/website, but rather have them send signature requests. Such a signature request could go to a web site that already has either the password or the private keys (i.e. steemit.com), to some specialized website (steemconnect already exists for this purpose?), to some desktop application or cellphone app. This can be done fairly transparently to the end-user (i.e. when I post something from busy.org, it could automatically find out that my account was created at steemit.com and send a signature request there; steemit.com could send me a dialogue box where I'm allowed to do a one-time signature for the specific post or (default) allow future signature requests from busy.org to all be approved until I revoke such permissions through the settings).
The latter is possible without a hardfork, but would require quite some cooperation and a bit of development effort by all the major players in the ecosystem.
RE: A quick reminder for your steem security
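
The signature-request flow proposed in the comment above, sketched as an added example (not part of the original comment and not code from steemit.com, steemconnect or busy.org). The `Signer` class, its `handle`/`revoke` methods, the request shape and the use of Ed25519 from Node's `crypto` module as a generic signature scheme are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Deterministic serialization of a flat operation object, so signer and verifier hash the same bytes.
const canonical = (op) => Buffer.from(JSON.stringify(op, Object.keys(op).sort()));

// Hypothetical signing service: the only party that ever holds the private key.
class Signer {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.publicKey = publicKey;   // safe to publish
    this.privateKey = privateKey; // never returned to any app
    this.standing = new Set();    // apps the user told "approve future requests"
  }

  // userDecision is the dialogue-box answer: 'once', 'always', 'deny', or null if nobody was asked.
  handle({ app, operation }, userDecision = null) {
    const decision = this.standing.has(app) ? 'standing' : userDecision;
    if (decision === 'always') this.standing.add(app);
    if (!['standing', 'once', 'always'].includes(decision)) {
      return { ok: false, reason: 'user approval required' };
    }
    // Ed25519 takes no separate digest, hence the null algorithm argument.
    const signature = crypto.sign(null, canonical(operation), this.privateKey);
    return { ok: true, signature: signature.toString('hex') };
  }

  // Settings page action: drop the standing permission for one app.
  revoke(app) {
    return this.standing.delete(app);
  }
}

// Anyone holding the public key can check that a signature covers exactly this operation.
function verify(publicKey, operation, signatureHex) {
  return crypto.verify(null, canonical(operation), publicKey, Buffer.from(signatureHex, 'hex'));
}

// Constructed sample request, as the requesting app would send it.
const sampleRequest = {
  app: 'busy.org',
  operation: { type: 'comment', author: 'alice', title: 'hello' },
};
```

The requesting app only ever receives a signature over one specific operation, so a compromised app can misuse a standing grant until it is revoked but cannot walk away with the key.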