These would have the same access policies as full apps, and perhaps even appear the same way, but wouldn't be active -- just present the user with a note / HTML page.  Possibly after a password reprompt.  In fact, it needn't even be a general note -- just present the fields configured for the app by the administrator.

The main application I have for this is keeping shared passwords for e.g. root logins on our servers, databases, etc.  These aren't available to the outside world and they aren't web apps, but the management issues are much the same.