Yes you are. Its been discussed plenty over the years, just read the threads.
just want to make sure people are aware and safe
its been discussed. Either you avoid all APPs, or you have a level of Trust. For the more paranoid you can create your own token, and upload that, or you can use TeslaFi's token-generator - which does require you to enter your Tesla Login/password, and to assume that is not being stored / used in an unsafe manner / etc.
Either way, if at any time you become concerned you can just change your Tesla password and all tokens become invalidated.
There has been discussion that Tesla should have implemented a different method of security / tokens ... but probably that would just lead to a different debate about security, rather than this one.
Plenty of opportunity for bugs, or even "I didn't expect that". A different 3rd party product logs data against the VIN. If you sell the car then the new owner would have access to all your historical data - unless you "do something" in the APP when you sell the car. Is that bad? Yes, I think it is. Do I care if such unexpected things happen, or consider the risks not worth the reward? No. If you do then fine, don't use the APP.
I trust Apple and Tesla a lot more to know what their doing than a random developer doing this a hobby
So don't use TeslaFi, or any other 3rd party APP then.
All you are doing here is implying that you know more about this than Jdeck and casting aspersions about his abilities and the security of TeslaFi, but you have no knowledge or evidence of any of that - other than citing data breaches from other, totally unrated, companies - who are all Apple / Tesla sized companies, rather than Jdeck sized ones ...
What Jdeck has going for him is a track record of good service. That's good enough for me, if something were to happen I am confident he would move heaven and earth to get it sorted.
If your bar is higher then don't use the APP. I seem to be not alone in repeating myself ...