Google restrict services to application-specific passwords

It is possible, but only for single websites, not for the entire Web.

The difference between a password and a credit card is that credit cards are verified with the company (bank) that issued them, whereas it is impossible for a random site to know if a password is "permanent" or "temporary" unless the site's creators themselves implement a "temporary password" feature. (I don't know of any that do.)

It doesn't even make a difference if a website uses passwords or OpenIDs: the latter are verified before use, and you could obtain randomly-generated OpenIDs, but the problem is that an OpenID is not a password, it's an user name; so a temporary OpenID wouldn't grant access to your account unless the website allows you to list multiple OpenIDs (not all do).

Application specific passwords are extra passwords for your account. While you give the password a name, it doesn't explicitly tie that password to a specific application. That feature allows you to easily deactivate, by device or application, the password in question.

In some respect, they could be seen as a security vulnerability. That's why you should never write them down. An app-specific password could be used by an attacker to sign-in to your account. However, I don't think there's a way to fully hijack the account (change the main password with the app-specific one). So, there's only a limited benefit to an attacker if they compromise your account with an app-specific password.

App-specific passwords are going to protect your primary authentication information from being compromised. They're required when you turn on 2-factor authentication, because there are some apps that won't accept the 2nd factor token. The app-specific password is a temporary work around until other apps can add support for 2-factor authentication.

2-factor authentication requires more than just your password (in this case, your phone) in order to compromise your account. And, in that respect, the combo of 2-factor auth and app-specific passwords are doing a whole lot of good, keeping your account safe and away from any hijacking attempts.