Scanning the public viewkeys on the web is an interesting idea.
It could also be possible, as you suggested, to give access to MyMonero only. The difference with a public access is that you can revoke the access anytime (since only the output of the viewkey is public, not the viewkey itself).