You don't need OAuth to ask for someone credentials...
That's called PHISHING, and actually OAuth prevents that precisely because OAuth does NOT ask for those credentials. If you are asking for credentials whilst PRETENDING to use OAuth, that's not OAuth's fault.
What you might be saying is that by creating an environment where people begin to blindly trust sites because they have "connect with FaceBook/Twitter/etc" options, and so stop thinking about whether or not they SHOULD be entering their credentials when asked to do so when using such services, then sure - that is a problem I think.
Add a "Connect with <service name>" button. When clicked, throw up a sign-on page that looks like it belongs to that service, with some text along the lines of "<Service> is not signed in. Sign in now to complete the authorisation process for <Phishing Application Name Here>".
Most people aren't going to stop and think whether or not they ARE currently signed in with the service, they will just go ahead and "Sign in" using this oh-so-trustworthy form.
But that doesn't need OAuth to work.