Ever since I wrote a blog post about why Pandora doesn't expose a Web API, I've noticed that I get a ton of traffic from people searching for "Pandora API". It must be disappointing for those readers to then see a blog post which explains why Pandora doesn't expose a Web API. I use Pandora myself, and I've sometimes thought "wouldn't it be useful to write an app which would go through my music collection and give a 'thumbs up' on Pandora to all the songs". Such a thing would be possible using a Web API. But, Pandora makes money from advertising, and I would not be looking at advertisements while I was running that application.
Now, it would make sense for Pandora to expose a Web API which was locked down to just certain users. e.g. If Pandora was available on the Tivo (hint hint Pandora, if you're reading this), and Pandora got a cut of the subscription, then a locked down and managed Web API could be used for the app on the Tivo to connect up to Pandora. Pandora does have its own proprietary API anyway (this is how their various Flash apps connect to their core services) but the info on that API is not public. If they were to make an API public but then tightly control usage of the API, then that may give them the best of both worlds: leverage the developer interest which is clearly out there, given how many Google searches I see for "Pandora API", but also ensure that the API is only used in very circumscribed scenarios (not just thrown out there, like a lot of Web APIs are today).
And, as CTO of a company whose products are used to manage access to Web APIs, there are off-the-shelf products available for this today :-)