Bot passwords were created with the goal of providing a safe login option for people who are stuck with old bot code, but they don't quite achieve that: most bots will have a single "username" config option and it will be assumed that that is both the login username and the user account name (for finding the userpage etc). E.g. Pywikibot can't quite handle bot passwords because of this, according to @jayvdb.
Google's application passwords use the normal username and a special password; we should do the same and allow login with normal username and bot password. The @botname postfix is still useful for password management but should not be required when using the login API so bot frameworks do not have to be aware of it.