Am I in the minority? I can't convince myself to log in to My Tesla via ABRP, even though ABRP seems trustworthy, and they state that login information remains local to the car browser without being stored on any servers. I don't understand all of the in-between steps (API, token, etc.) and where all the information really goes. The consequence of my Tesla login information falling into the wrong hands is that someone could steal my car. That risk greatly outweighs the benefit of accurate and convenient real-time trip planning.
While ABRP works great on my PC desktop, it's essentially a brick in the Model 3 browser without current GPS info via the Tesla API. I would prefer at least simple functionality in the car, where I could manually enter my own SOC and approximately locate myself on the map with my finger... without routing through my Tesla credentials. Thoughts?
I can only speak for myself...but the risk seems extremely low to me.
Let's say that some kind of security flaw in ABRP's system did in fact expose Tesla login tokens, and if you are truly concerned, you should use a token rather than login credentials as it will expire after a set time period, effectively giving the hacker a strict time limit to steal your car.
Now, even if said hacker had access to ALL Tesla tokens input into the system, in order to physically steal your car, they would have to use your token to log into the app, unlock your vehicle and climb inside. Yes, they can locate your car, but they would have to be physically near it, mind you. Out of all the cars out there, what do you think the chances are that they would be near yours?
But let's say you are unlucky. They can then get inside and start the car, and darn....you set PIN to drive! They can't steal your car after all!
And believe me, if you aren't the unluckiest Tesla owner on the planet, I'm pretty sure that if a Tesla (or 10) were stolen using such a method that it would be pretty widely publicized and all you would have to do is reset your password to invalidate any tokens.
Is it impossible for such a hack? Probably not impossible, but incredibly difficult, and even then, the chances of your car being the one actually stolen seem incredibly remote.
I personally don't worry about it. But if you are more risk averse, use PIN to drive and/or just use ABRP in your car without your Tesla login. I don't understand why you say it's a brick in the car?