I have come across a few articles on inter-app communication on iOS, e.g. "2-way app integration on the iPhone: How it works", and "Apple Approved iPhone Inter-process Communication". Essentially they use custom URL schemes to communicate. My question is what are the security concerns if I were to pass some sensitive data, such as login credentials?
Don't use URL schemes for any sensitive data. They are in no way designed to be secure.
Instead you should use the Keychain mechanisms in iOS which are designed for exactly this purpose.