by MasterScrat 4474 days ago
The problem is that it was technically possible, for a representative, to make this change without the proper verification. You just can't rely on humans for that.
3 comments

SendGrid once went over my head and changed my account settings on behalf of a customer of mine, without even consulting me beforehand. I had a customer with a history of reporting mails as spam (activity reports he requested in a webapp). When you report a mail as spam, the address goes into a blacklist to avoid causing sender reputation issues. After the third or so time of having him ask to get the mails again, then mark one of them as spam, I told him I wouldn't be offering that feature to him any longer. He contacted SendGrid about it directly, and the SendGrid rep actually went into my account and added his address to a whitelist to bypass the blacklist, where I intended it to remain.

I thought that was just the strangest thing, and it didn't sit well with me. Accessing a customer's account when they request service is one thing, but making changes on behalf of a stranger you know has no authority over that account? That was when I moved the last of my apps over to Mandrill.

> "... confirms your suspicion that these people convinced one of our representatives to change the email address on file."

This is the part that scares me. Do they not have auditing in the system where the representatives are able to change the email address on file?

And people complain that Google has bad support! At least you can be certain that there's no way an attacker can get the Google support rep on the phone. There aren't any.