It's about creating an open API, but you control who has access and who doesn't - why is that a bad thing? Also many people hand over their actual bank login details to services such as yodlee which is even less desirable (I believe it even breaches the bank ac's terms of service)!

It's just possible to give full access with PSD2. Even a third company just has access to pay a bill with your account, they can see each transaction on your account. The idea behind PSD2 is, as far I understand, a lot of services should have access to your account, to make it easy to pay with smarthones ond third party cards.