I still have my doubts about how safe can a system that uses mobiles in general can be regarding crypto. Just to mention one stupid case: people loose their cell phones everyday.
If their phone is stolen, thieves will not be able to access their phone because they do not have a password or fingerprint verification so I found it reasonable and safe
It depends on the password, if it's the user's birthday or something similar, it will be easy to guess. In addition to this, if the user doesn't protect his phone with a pin, the chances increase.