|That is the idea, so that if your Client Credentials for one app are compromised, you can invalidate them without affecting your other applications. The alternate is to have one and invalidate all your apps.
Furthermore, the OAuth Authorization Flow and Implicit Grant flows require a redirection URL which is unique to each app for security reasons.
The Resource Owner Password Flow is less secure than the other two, and is not recommended for most applications. In the future, we may restrict its use to those clients and applications we can verify as being secure, and a web app is not a secure app.