limits and hidden fees ... plus app security

as long as someone getting ahold of your app PIN can’t hijack your account or pay money out to an account in his name, where is the risk?

Oh dear … the above naive undersatnding of security is what leads to easy theft. There is a reason why most banks and eMoney institutions use strong passwords, pins and 2FA (Revolut is a fairly shocking counterexample). You should read about Kevin Mitnick, or the many breaches and thefts performed by folks who obtained only basic account information, e.g. http://news.bbc.co.uk/1/hi/entertainment/7174760.stm

Someone would also have to get ahold of your phone.

That’s why apps allowing money transfers on phones (paypal, transferwise, bank mobile clients, etc) have better security than Revolut …

Well. I am aware of this. Like I started my response to your initial post – I agree that security should be improved. I was merely mentioning that Revolut does use 2FA in some circumstances – a weak one, because the same device is used for 2FA and the app – in case you weren’t aware of this.