Getting an API auth token from Zoho CRM with two factor authentication enabled

Getting an API auth token from Zoho CRM with two factor authentication enabled

Hi I am writing an integration with the Zoho API and I am using two factor authentication. So far as what I have understood from the documentation is that to get an Auth token I have to call this URL with the respective fields filled in:

https://accounts.zoho.com/apiauthtoken/nb/create?SCOPE=ZohoCRM/crmapi&EMAIL_ID=[Username/EmailID]&PASSWORD=[Password]&DISPLAY_NAME=[ApplicationName]

So my first question is: How is that secure in any way? The user's Email and Password/Application specific password can be seen by anyone.

And my second question is: How many Auth tokens can be generated per single Application specific password?

Thanks.