I guess I shouldn't single out that particular app.. Any 3rd party apps that have you send them your credentials in the clear and, I'm betting, store them in the clear.. might be a risk.
How positive are you that a hack couldn't bypass the need for a fob and allow a car to be driven off?
Just...