Yes, take a look at our EO Browser, for example.
With public web-applications, there is always a risk that someone will hijack the API credentials (e.g., OGC instance ID or process API OAuth client ID/secret) and misuse them for their own purposes. We have worked around this by integrating Google reCAPTCHA technology. Our Enterprise-level users can use this as well:
Note, that as with any other security measure, things can be broken. However, we have found this option to be quite secure. You can, of course, implement another method of hiding credentials on your side.