I want to add support for this request and bring the focus back to the read-only scope idea rather than only login/profile.
Several existing third-party apps do not need write access (e.g. iNat_observations_updates, iNat_obscured_observation_viewer). For data security and user peace of mind, it would be better to allow read-only authorization so users can approve apps without granting permission to modify their data. Among other things, read-only apps would be allowed to access private/obscured locations, user settings, messages/notifications, original photo/sound filenames, etc.
A read-only scope is also a common OAuth pattern, for example, with GitHub.