Actually, the private key for the generated Bitcoin address is encrypted with this PIN code, so as long as the PIN code is safe, the Bitcoin are safe. In Itipu, you can send your Bitcoins to your friends wallet by telling the bot to do so, like, Send 2 dollars to joe. (You have to enter your PIN code of course).
First, how long is this PIN?
If it is four digits, and the phone is hacked (encrypted key leaked), that would be broken pretty quickly, even with key stretching.
For example, if decrypting takes one minute on your phone, cracking would on average take a bit over eight hours
on an identical phone, a powerful GPU could probably crack it in a few minutes.
You could fix that by replacing the PIN with a pass-phrase, until it becomes essentially a salted brain-wallet.
Also, if this is a bitcoin wallet, why does the article say "send 2 dollars to joe", instead of "send two millies to Joe"?