I see your point.
A solid app should just be a view.
Due to paranoia, we’re used to thinking that if an app has full access, the “company” has access.
And indeed, they could record the login, …
The problem is, it can’t be enforced, as such.
If someone steals the password to, let’s say, a webshop, they only have access to the webshop.
But if they steal your WebID credentials, they have the complete pod.
Sorry, thinking out loud.
This is turning out to be a point pro OCAP, I think.