Yeah, nothing surprising: make the car believe you're the phone, make the phone believe that you're the car, and act yourself as an extender. Meanwhile, you don't know what the two are talking about; you're relaying the messages. The car sees good signal quality, thus it unlocks. Nothing special in that, and I see no reason why anyone should think it is. For all we know, there's PIN to Drive keeping your car secure from a drive-away. Nothing too scary, as clearly regular car owners continue using things like even more insecure and easy-to-replicate passive unlock (although they do have RFID immobilizers, but that doesn't matter). None of this really matters, unless Tesla decides to do something about it.
TL;DR
Yes, it's true, probably doesn't matter, just keep PIN to Drive on and you're good. Just hope that Tesla issues a mitigation.