I've only used Blynk with Particle so I've never had to enter in my SSID and PW into my code. Granted this service is SSL so fine, I guess I could let that go. Emails are not protected however. I guess its up to the individual as what is acceptable. You can have security or you can have ease of use, generally you don't get both.
Oh I believe you that users do leave "Your Token" but that is part of the learning process. You can't hold people's hands forever.
I get your point about kids, but 6? Most 6 years are just starting to learn to read, let alone write code.