Yep, I agree fully, and the most annoying part is that it would be conceptually easy to get rid of all accounts and still have remote control of the system with access control.
Build the system so that the bridge gets a UUID from the Hue servers; when an app is connected to the bridge, have it get the UUID and generate a token for the device.
Then when an external request comes to the Hue server authenticate it with the token and forward it to the bridge.
If you get a new device, simply connect it to the bridge as normal and you are done.
Then have a local admin password on the bridge to clear old tokens, and a nice reset switch to clear all config.
Conceptually, way easier for a user to use, and little need to store personal information on the Hue servers.
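
A minimal simulation of the accountless design proposed in the comment above, added here as an illustration; it is not part of the original comment and is not Philips Hue code. The class and method names are hypothetical, the in-process calls stand in for network links, and it assumes the bridge uploads only SHA-256 digests of device tokens so the server can authenticate requests without storing the tokens or any personal data.

```python
import hashlib, hmac, secrets, uuid

def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class Cloud:
    """Relay with no user accounts: holds only bridge UUIDs and token digests."""
    def __init__(self):
        self.bridges, self.tokens = {}, {}
    def register_bridge(self, bridge):
        bridge_id = str(uuid.uuid4())            # UUID issued by the server
        self.bridges[bridge_id], self.tokens[bridge_id] = bridge, set()
        return bridge_id
    def sync_tokens(self, bridge_id, digests):   # assumed bridge-to-cloud call
        self.tokens[bridge_id] = set(digests)
    def remote_request(self, bridge_id, token, command):
        d = digest(token)
        known = self.tokens.get(bridge_id, ())   # unknown UUID -> nothing matches
        if not any(hmac.compare_digest(d, k) for k in known):
            return "denied"
        return self.bridges[bridge_id].handle(command)

class Bridge:
    def __init__(self, cloud, admin_password):
        self.cloud, self.salt = cloud, secrets.token_bytes(16)
        self.admin_hash = self._kdf(admin_password)
        self.devices = {}                        # device name -> token digest
        self.bridge_id = cloud.register_bridge(self)
    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
    def _sync(self):
        self.cloud.sync_tokens(self.bridge_id, self.devices.values())
    def handle(self, command):
        return "ok: " + command

    def pair_local(self, device_name):           # only reachable on the LAN
        token = secrets.token_urlsafe(32)
        self.devices[device_name] = digest(token)
        self._sync()
        return self.bridge_id, token             # token lives only on the device

    def revoke(self, admin_password, device_name):
        ok = hmac.compare_digest(self._kdf(admin_password), self.admin_hash)
        if ok:                                   # local admin password clears old tokens
            self.devices.pop(device_name, None)
            self._sync()
        return ok

    def factory_reset(self):                     # the physical reset switch
        self.devices.clear()
        self._sync()
```

In a real deployment the `sync_tokens` call would itself need to be authenticated as coming from the bridge, which this sketch does not model.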