You can generate application-specific passwords and then see/revoke those passwords on your google.com/accounts page.

Are these "application-specific" passwords limited in any way? For example, if one of them is stolen without my knowledge, can the attacker fully access my Google account (e.g. account settings, all Google services, etc.)? Obviously it's less likely that one of these passwords will be stolen than passwords, but it's still possible.

From the screenshots (don't have access yet) it seems that you don't get to specify the type of application or access, but I would assume there is some limitation on what you can do with these passwords?

Good question. I think app-specific passwords have full access.

If that's the case, what are they for?

Well, these services should be using OAuth by now anyway and we should not be encouraging them if they don’t.

That said, check out the “application-specific passwords” part of this offering. It may do just what you need.

Yeah, apparently they're going to have it for imap, but I'm hoping they include gtalk in there too.