You're giving Plaid and your average user way too much credit.
If the inherit trust is so obvious, then why would Plaid not include a very common step in authentication flows like FB and Google to explicitly tell users what they are agreeing to share with XYZ developer before submitting their credentials (which may be just a bank account number, but might also be transaction history, personal information, account balance, etc.)? They've purposefully omitted this step because conversion would almost certainly tank.
I'm not sure I follow nor agree. When I go buy something at Target, they take my money but I in no way expect that Target would then be able to see my bank account balance nor all of my transaction history at every other place I shop.
And yet, you are missing simple distinctions between authorization and authentication. You can authenticate with a separate identity provider. Every site that uses google login does that. They don't get access to your google account. You can also authorize specific things in your google account. Some apps do that too, and they get restricted access to a folder in google drive for example. Plaid doesn't follow any of these patterns. Instead, they show you a log in screen that looks like your bank's login (same colours and everything), only that you are sending your credentials to plaid. This is outright deception.
What does the authentication method have to do with anything? You stated that if an app "takes your money", then you expect it to have unfettered access to all of your financials? That's absurd, regardless of what information you put in.
If I give a valet the keys to my car, it is very clearly for them to drive it to and from a parking space, nothing else. It is not blanket approval for them to go take it on a joyride through the city. To defend them by saying "well you gave them the keys, what did you expect?" would be similarly absurd as defending Plaid et al.
If the inherit trust is so obvious, then why would Plaid not include a very common step in authentication flows like FB and Google to explicitly tell users what they are agreeing to share with XYZ developer before submitting their credentials (which may be just a bank account number, but might also be transaction history, personal information, account balance, etc.)? They've purposefully omitted this step because conversion would almost certainly tank.