As far as I can tell, FIRST you have to connect to the database. THEN you can validate whatever you want. So, I believe that you can't avoid Oracle username/pasword@database connection, but you can - afterwards - force users to apply some additional credentials.
That is (or should I say "was") used when you're lazy to create as many Oracle users as necessary and want to make things simpler for you by creating your own "users" table. In my opinion, you should stick to database users.
As of your next question: there are 3 built-ins used to call other forms: CALL_FORM, OPEN_FORM and NEW_FORM. Read more about tem in Forms Online Help System.