As discussed in another topic and as I'm sure many more people will encounter when switching to API v3, the way they used to the API won't work. The problem is in the authentication method. OAuth is made so that it works for approaches like the Wordpress plugin where a third party provides a tool or is a middle man to manage other people's contacts/subscriptions on CTCT.
This comes short in scenarios that concern only one account. Imagine a website which primary focus is for example a game, yet they use CTCT to send e-mail newsletters to their users. They also have multiple newsletters (a general newsletter and a developer's newsletter) which they want to offer their users to subscribe to.
The inline form makes no sense to them since users have already provided them their emails. The API with OAuth makes no sense either as they are not managing other user's account. They are only concerned with making a simple form in their settings where they would allow their users to select which newsletters they want to subscribe to and then send that contact and subscription information to CTCT to update their contacts. Bonus being that they could also retrieve subscription information for each user so that they can show them actual subscriptions in case a user unsubscribed via e-mail and not through their web page.
HTTP Basic Authentication offers one option to make this possible (obviously only over HTTPS). The goal is to make an authentication method that identifies the account holder and then allows to make API calls to their account only.
Another option could be a new form where the contact's id/email would be provided and it would display their subscription status, but that would not satisfy more complex use cases (ie. automated systems).