It's true we don't save the password to the keychain on mobile, because the data is already on a secure location. Someone stealing your device can't access it, nor any other app running on the device, so it's quite safe.
Android Backup is not an issue because it's not enabled, and probably won't. Apple Backup I don't know - can we specify that the app data should not be backed up by default? (and is that something that most users really want?)