7 days is quite problematic, some people only check their stuff once a month. I only do accounting once a month so what if it gets stolen between that time?

Also what if the recovery system gets hacked? It's pretty centralized from that aspect in my opinion.

I won't miss out on opportunities as I am already holding Steem, I am just saying that it has vulnerabilities since the only way to access it is from a Javascript based website that for some reason loads Google and Facebook scripts on it's login page, instead of a cold-storage wallet system that can be held on a cold storage computer or hardware wallet.