Hi Alex,
Yes, the account linking extensions is supported. The official docs are here:
On those threads you posted, the original poster made comments after a cleanup bot had marked the thread as closed. We should have caught it, but I suspect the bot closing it removed it from the radar. If that ever happens, just start a new thread.
I cannot comment on the security of the scenario you are talking about. It avoids the major issue I know of, but I would need a security review before I could give it the thumbs up.
It is vulnerable to the scenario where a few months down the road you add a username/password DB into the equation and then the large security hole is open, unless you remember to come back and fix the rule.
John