This is the main reason I stopped using it. The benefit was too low compared to the risk. Once I started using 2FA and realized how it worked I noped right out of there...

My Sparkasse app (Germany) lets me add other bank accounts and the credentials are stored only in the app. I think there's an EU directive forcing banks to have an open API, which makes it work. Much better than screenscraping.

Is there any such trend in the US?

Giving someone read-only access makes more sense. Even better is like what you mention, a program you run, but open source.