is there anything stopping me from writing a browser extension to make posts on the site automatically? i did work for a guy on that sort of setup spamming used car dealership ads, and it may have been a hastle keeping it running but we got plenty of ads out.

nothing other than the fact that if they find you doing this, they'll likely ban your account.

If the private keys are distributed inside an approved client app then any competent hacker can decompile the binary and extract the keys. At that point the keys can be used by bots or other unauthorized apps, and there's no reliable way for the server to distinguish them.