I think the security is fine as it is, my phone is protected with a pass code / Touch ID which would be very hard to bypass in the first place, yes once you are in you can top up as much and when you like, but if you want to send money to someone you need to enter your PIN number, so the worse they could do would be to add money to your account. That’s as long as they have been able to get hold of my phone and somehow break through my phones passcode, which I believe would be very hard to do as demonstrated in the FBI vs Apple case.
Now I understand that if you was to give your phone to someone and unlock it for them, they would still need your fingerprint to open the app (providing you have enabled this) and again if they wanted to send money they would need your PIN code.
I don’t want to be nagged every time I want to top up or perform an action.