This seems like a good compromise.

Allow immediate access for convenience in some cases, but restrict that access to a specific task until login.

Yes, but the scope of access would have to be severely limited, to the point where's there's no real sense in doing it, e.g. you'd have to prompt for settings change, but also probably read/write access to private messages, wall, etc... It'd be a lot of work with little return (the more return, the less security).

Yeah, good points.