I also don't quite understand the type of security presented by the dreaded "fuse map." Is this a result of reading addresses of the PAL, that make the PAL itself unusable? Or is it something else, and I should not worry about bricking my PAL by simply reading it like an EEPROM?
Edit: I think it's just for reading the programming of the PAL, and I should not worry about breaking my PAL by reading it.
You are talking about two separate pathways.
Reading back the fuses, likely involves applying some higher voltage, and if they read back all 1's or 0's that part may be secured.
The 16L8 series have no registers, it is the 16Rx series that have flipflops.
You can use test vectors to scan the pins and read the outputs, but device programmers are really built to run expected results and pass/fail, not to scan unknown parts.
You could make an adaptor that does what you say, "read the PAL chip like a 27C020 EEPROM", but you need to map the PLD pins to a suitable memory.
Complicating things is that some IO might be used as inputs, so a circuit of the original unit helps here.
Another complication, is the design
might create latches, which would be hard to detect from a linear, one pass scan of input pins.
If you do manage to get a (large) logical test table, some PLD tools can synthesise tables, so you might see if they can reduce a large table to a few equations.