Many banking apps won't even run on a rooted phone 'for my own safety', yet not so long ago the same banks allowed aggregation services that store my login credentials to have access to my accounts?
The difference is liability. If something happens due to the bank's app, the bank is liable. If you give your account credentials to some third party and something happens, that's not the bank's problem.