So the fact that IE doesn't forward me to the corresponding app doesn't shelter me from unsecured authentication.
Wait wait... So what you're saying is, if IE doesn't nanny you and prevent you from doing things (well beyond its scope I might add)... It doesn't help at all? What's next, are you going to blame IE for not taking control of your car to avoid the cliff you're about to drive off of?
The OAuth problem in question is very serious, since it currently only protects against the honest- effectively it's a system of trust. Fortunately for WP most of the apps I've encountered I would trust, and the line between a trustworthy app and a spam-potentially-malicious-app is pretty thick. But this is beside the point OP has raised.
Why does WP not have this? Well, it does. Sort of. The problem, as I see it, is three fold:
1) Big company apps like eBay and Amazon rarely update their apps on WP and generally are very sparing with the features they implement.
2) These apps have been around since WP7 and the feature in question is a minor, easily overlooked addition to the list of things WP8 added.
3) The existing implementation doesn't work in the way you'd want it to.
In WP8 an app can be associated with a protocol (http:// ftp:// rsync:// etc) or an extension (.mp3 .mkv .avi etc). Internet explorer owns http:// and this cannot be changed at this time. The eBay app could in theory create a protocol eBay:// that acts as a drop in replacement for http, so all you would need to do is replace http:// with eBay:// on any eBay product page in internet explorer and the app will launch and navigate to that same page. Bing search results actually allow you to open a search result in the eBay app, I suspect by some similar method.
This system is inherently secure of course, no third party app can hijack http links and alter them on unsuspecting users.
In order to do an android style system that "just works", I suspect two changes would have to be made.
1) The developer APIs would need to be expanded to allow apps to register certain http addresses within the system,
2) and either IE would have to be updated to watch for these URLs and ask you how you want to open it, or IE would have to be dethroned as the interpreter of all http addresses in favor of some other process.