Well, that's unwarranted concern. There are hundreds of thousands of OBi products using the portal, and there has never (in many years) been any sort of security breach of an OBi as a result. Regardless; no, you can't generate your own OAUTH keys yourself and then store them on the OBi. And, using an app password (which won't work on an OBi) is weak security, as it permits access to the entire Google account.
An app password is no different than using a standard Google password in that regard, and no different from using a Google password from a security standpoint.