Enabling an unlimited number of attempts is again not a good solution from a security point of view.
Yes, it is. Security that relies on the limit of attempts isn't true security. You have unlimited attempts to break a Bitcoin private key. You have unlimited attempts to break into someone's password-protected wallet. Both are very secure. On the other hand, the PIN in Mixin is not secure, as I have already said in
my review, because there are less than a million different combinations.
Here we don't argue about the choice. Just focus on the project itself. No perfect security.