My point is you will be shut down and/or sued because you're doing something any platform vendor would object to (MITM auth creds) and taking deliberate steps to evade detection and any countermeasures.
There's no other way to engineer this, if all the requests were made server side with one account, you wouldn't be able to use any of the features that the mobile application offers which is the whole point of this extension. I understand what you're saying. But none of the information is stored anywhere, it is only used to login. You don't have to use it if you don't want to, and for people that are sceptical about using it with their regular credentials, they can simply create a new account and use that account just for the client. Multiple people are already using the client, nothing but positive reviews so far.