That sort of risk is one major reason I stopped using MS Auth and went through the painstaking process of manually switching all of my accounts to a FOSS authenticator (Aegis Auth) instead.