I don't think it's inflammatory, and I don't think SmartThings staff thought so either, since they did immediately make a few changes.
There are two separate questions here. First the basic issue of how are you going to handle remote operation of devices? For example, I believe that the same issue, too many permissions, is the reason why nest has not approved SmartThings as an official integration. Logitech Harmony will not allow remote control of locks. Period. Harmony activities which include locks cannot be operated through IFTTT, for example. Amazon, on the other hand, just gives people a warning that they should be aware if they are putting barrier control devices under Echo control.
The second is the question of how a platform owner, such as SmartThings, handles independently-created apps which are offered through an official platform. ( you know, those 30,000 developers. ). SmartThings is essentially using an honor system by publishing developer guidelines. But those obviously can't protect against those with malicious intent.
While smartapps available through the marketplace go through additional scrutiny, the ones published in the community forum do not.
The ability to use custom code is clearly a strength of SmartThings, but it is reasonable for industry watchers today to ask what if any protections are in place for the average person who buys a security starter kit at Sears and doesn't read code at all?
I understand the android example, but SmartThings is also sold to people who have iPhones and have different expectations of security.
There are no easy answers here. Apple originally said that HomeKit would not allow for voice operation of locks. They got a lot of pushback on that, and eventually allowed the option. But even so, if you're using it with the phone instead of a watch, there are a lot of barriers to convenience. ( The watch has a different locking protocol, and so it's just more convenient to use in some cases.)
So I do think it's an important question to raise, and an important discussion to have, even if we might not all come to the same conclusions. It may be as simple as SmartThings adding a mandatory warning when a lock is included in a smartapp installation. But it seems like a legitimate discussion to have.