Thank you for the fast answer! I'm writing a AngularJS based browser-only-app and access the backend via the rest interface. And sadly I've found no possibility to circumvent either the browser behavior (showing the login box) or that of datasnap (sending 401 if TDSAuthenticationManager is present but no login/session data).
there is no immediate plan for that at this time. 1.1.0 introduces major API breakages over previous versions, I don't know what the level of effort will be yet to support the new API, especially in parallel with the earlier API.
1.1.0 was just officially released a few days ago, and 1.0.2 is not going away for several years. So there is time to migrate Indy to 1.1.0 eventually.