Can you set the MachineKey programmatically?

No; the machineKey element must be set via config. However, web.config can itself be encrypted, which helps minimize risk of cryptographic key disclosure if an attacker ever gets access to the config file. (This same process can be used to protect SQL connection strings and pretty much any other sensitive config element you wish.) See http://msdn.microsoft.com/en-us/library/dtkwfdky(v=VS.100).aspx for a walkthrough on enabling this.