I can hardly see any technical reason to implement the store otherwise
Requiring username (which by itself does not identify person behind it in any way) and password is IMO quite far from "take as much as you can get."
Let me repeat my question (as it may got lost).