It looks like some changes might be coming, all to do with Strong Customer Authentication:
So although you may be able to get into the app if your email is comprimised, it’ll be even harder to make any payment, I think the requirement is: something you know, and something you have.