The pin does help as far as it having your master password in there, so maybe that's enough. I still think the option to only give your posting password is an important one. If they aren't using the crypto features and are just posting, commenting, and voting, they shouldn't have to care about the active or owner passwords. If they are messing with the crypto side of things, I think they should care about the various levels of security and take them seriously. I think the Steemit website took the same approach. I'll try to catch you on chat so we can discuss further.