[ineedasername]

It's not at all a reasonable response. A small bit of malware could eliminate the need for physical intervention: programmatically logout, login with the thief's account to sync, then log that one out too.

The response smacks of an attitude that "once a machine is even a little compromised it's not our responsibility what happens. Physical access is a compromise, therefore we don't have to fix our own loop hole."

This is like a safe company saying, "Well, of course someone that breaks into your house can also open the safe by saying, I'm the owner out loud."