Sure, such a scenario could be used by thieves, however, developers should always consider some users just sometimes forget things 
It seems the problem started with original Jolla Phone, as there was no real solution for forgotten password, except sending a phone to Finland for recovery