The problem I could see is that you probably have this app installed on a phone, with 2FA for your exchange accounts also installed on the same phone. Now they know where you are, and how much you got.
Too much information together = risk.
I mean what many people don't care what apps they install and what apps asks for what type of premissions, so basically it all comes down that all other apps, not just blockfolio might be able to see some info that you wouldn't like to be seen. But I fully agree with you that there is a high risk involved.