Sort:  

I am not a hundred percent sure if it's a SteemConncet issue or a Dapp issue that has coded it like it. What happens when the authentication token gets generated, they were storing that token. Now the issue is, if someone will have access to that system can get all the tokens which will be a security lapse.

Authentication tokens are security feature of Hivesigner, it provides apps ability to perform actions with your consent. These has expiry time and easily invalidated in case of breach. If breach happens none of the web applications are safe anyway.

That's one of the reasons Esteem focused on standalone desktop and mobile applications which gives user security they deserve without relying on any third party websites.