I'm currently using monero addresses as the sole authentication method for a custodial service, similar to how mullvad VPN has a single account number to authenticate. My understanding is that these are unique, and impossible to guess. For a custodial service, this makes withdrawing user funds trivial as well.
Can anyone tell me why this is a bad idea?
it looks like this is just outdated:
https://github.com/m2049r/xmrwallet/blame/master/doc/FAQ.md
The most recent update was a year ago clarifying language, the rest of it is 6 years old now