That's a bit more of a reasonable explanation.

It seems convenient on the surface but I can think of many ways it's a really, really bad idea: third party snooping, the possibility of being locked out of your own computer if your Microsoft account is deleted/deactivated/password changed, possible expiration of cached credentials (and therefore inability to log in) during a protracted period of internet unavailability, etc

ALL of those are possible and have occurred to that class of account so you've hit the nail on the head there.