In the web interface there's a Security tab where you can review active sessions. Using wee-matter creates a bunch of entries there. Once an access token is obtained, it can be stored and used it until it expires. (You could even avoid storing the password in the preferences like this.)
Yeah I think this could be better and not so hard to implement. We should store the access_token and the expiration_date in configs. But the password still seems to be mandatory on configs. Or maybe I missed something ?