I've just finished implementing a more general confirmation scheme for Mailman 2.1. There are two aspects to this. When an operation requiring confirmation is performed, a confirmation email message is sent as before. However, the confirmation message will include both a confirming email command and a URL with a unique cookie, and the operation can be performed either by replying to the message or visiting the specified URL.
Currently only two confirmable operations are defined: subscribing and removing. The above works regardless of e.g. whether the removal request is coming from CGI or from an email command. This means a user can send the message "unsubscribe" to mylist-request with no address and no password, and they will receive a confirmation message. A reply to that message, or a hit on the URL, will remove the user.
(Note that if the user actually knows their password, they can include it in the web page or email command for immediate removal.)
(Note also that the architecture is general enough that other confirmable operations could be added in the future.)
While this isn't exactly password-less accounts, I think it accomplishes basically the same intent. And it strikes a good balance between convenience and security. It means in practice that a user can get removed from a list without having to remember their password (or how to get it!), and the two-step removal in that case isn't too onerous (since most MUAs I suspect would let them click directly on the URL in the mail message).
Acks go to Les Niles who implemented a rough cut at this. My implementation was different, but similar in spirit.
-Barry
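The scheme described in the message above, sketched as an added example (this is not Mailman's code and not the author's implementation): the operation and address are bound to an unguessable, single-use, expiring cookie on the server, and the same cookie is accepted from either channel. The class and function names, the `confirm <cookie>` command form, the `/confirm/<list>/<cookie>` URL layout and the three-day lifetime are all assumptions made for illustration.

```python
import hashlib
import re
import secrets
import time

SUBSCRIBE, UNSUBSCRIBE = "subscribe", "unsubscribe"


class PendingConfirmations:
    """Hypothetical store of operations awaiting confirmation (not Mailman's code)."""

    def __init__(self, lifetime=3 * 24 * 3600, clock=time.time):
        self._pending = {}          # sha256(cookie) -> (op, listname, address, expires)
        self._lifetime = lifetime   # assumed expiry window, in seconds
        self._clock = clock

    @staticmethod
    def _key(cookie):
        # Only a digest is stored, so a leaked table does not yield usable cookies.
        return hashlib.sha256(cookie.strip().lower().encode()).hexdigest()

    def request(self, op, listname, address):
        """Record the operation and return the cookie to mail to the address."""
        if op not in (SUBSCRIBE, UNSUBSCRIBE):
            raise ValueError("not a confirmable operation: %r" % (op,))
        cookie = secrets.token_hex(20)  # 160 bits from the OS CSPRNG
        expires = self._clock() + self._lifetime
        self._pending[self._key(cookie)] = (op, listname, address, expires)
        return cookie

    def confirm(self, cookie):
        """Return (op, listname, address) once, or None if unknown, used or expired."""
        entry = self._pending.pop(self._key(cookie), None)
        if entry is None or self._clock() > entry[3]:
            return None
        return entry[:3]


def extract_cookie(text):
    """Find the cookie in 'confirm <cookie>' (email) or '/confirm/<list>/<cookie>' (URL)."""
    m = re.search(r"confirm[ /](?:[\w.-]+/)?([0-9a-f]{40})\b", text, re.I)
    return m.group(1).lower() if m else None
```

Because the address is looked up from the cookie rather than taken from the reply or the URL, whoever confirms can only complete the operation that was originally requested for that address.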