I don't understand the issue. In order to start your car, a thief would need the Tesla app as well as your login ID and password. How would a thief know your login ID? And then if they do, they would have to guess the password by brute force... using a smartphone app. A lot would need to happen, it seems, before a thief can remote start your car. And even if it were to happen, there is plenty of information that has exchanged hands that would make it relatively easy to identify the attacker.
I am not that concerned.
Hmm, at least in my Tesla iPhone app, the Login page shows the login ID automatically entered; all I have to do is type the password.