the only way to do it without help from mtgox is to
1. make people change their passwords elsewhere if they used the same password as mtgox's one anywhere
2. create multiple trusted signing authorities (eg. one at your server, one at mine, one at gmaxwell... anyone can create a server as this would be public domain code)
3. user submits his username, contact email and password to as many these authorities as he likes
4. authority fetches balances from mtgox
4. authority hashes the username and email and drops the password
5. authorities publish the data and signs it with its key

It's a distributed network of trust with detection of lying authorities and it can also detect if somebody has access to password database as there would be multiple email addresses for the same username signed.