@nazokiyoubinbou @nixCraft It's safer than you think!
The app itself is a trusted pathway to the service, and it's probably been authorized at least once with a password or something more complex. The PIN is just an additional factor. Totally different from the WiFi situation, where that one code will allow virtually anything to connect in and do stuff.
@DarcMoughty @nixCraft I think you meant to post this to them, not me, but I do want to point out that this isn't quite as literal as I think you've taken it to be. The point is just some things that seem like they don't need so much protection go over-the-top even with crazy requirements then some things that need heavy protection have little to none.