I work at a bank that has a vendor that uses client credentials in order to html scrape their account pages. Most banks refuse to generate consumable methodologies for other financial services to use their data, so they go about it the hackiest way possible.
Contemporarily, lightning is a thing that covers most of the gripes that I've seen above your comment.