I dunno man. This reminds me of the time that someone at defcon said they found a vulnerability in my last company's product because it flashes a WiFi password to an iot device instead of making a user type it in.
"What if we capture the flashes and steal the password?"
Well, if you're positioned to capture the flashes, you're definitely positioned to just watch me type it in...
Would you be ok with it if your browsers at home, in the office and on your mobile phone always showed your bank balance on the top of the screen in a large font?
I assume most users would not. But they would be ok with their bank balance being shown if they specifically opened their bank website.
"What if we capture the flashes and steal the password?"
Well, if you're positioned to capture the flashes, you're definitely positioned to just watch me type it in...