There are already some options for your first idea. Any account can set up other accounts to use their posting or active roles, and also revoke them at anytime. This means that you can keep your keys safe but you give others access to your account. Steemauto for example does that.

The second option can be done by directly interacting with the chain. In an application this will probably not increase the security of less technical users since the will be using their private keys to sign on an online machine anyways. It might be possible to build special steem hardwarewallets for that though.

It should be noted that the passwords you enter in steemit always stay local in you computer. steemit does not know your passwords! But when your computer is infected that does not really help :)