Whilst I value the convenience offered by various apps, I’ve always been a bit uncomfortable about providing my Tesla account details to them. Most of them provide assurances that they only store the tokens in a secure manner either on your device (e.g. Stats, Watch app for Tesla) or encrypted on their penetration-tested servers if they are doing something for you on a repeated basis (e.g. ev.energy, TeslaFi, ABRP).
Am I right in thinking that apps storing it locally on your device are much less risky than the server-based ones?