RE: HiveAuth client library

in HiveDevs, 2 years ago

You can lose a mobile device [...] disassembling it and reading from its disk

As @stoodkev mentioned in his replies, keys stored in your phone are encrypted twice, first with your wallet password, then with your fingerprint signature. Should someone get access to your phone storage, he would need both your password and finger to decrypt it.

there are wifi attacks over insecure networks

All data traveling between your mobile and the HAS server are encrypted. Even the HAS server acting as a gateway has no idea of what's going on between the App and the wallet storing your keys (keychain).

If, like me, you are paranoid, you shouldn't use a mobile at all. These things have been designed to share information, not to secure it.
Moreover, you shouldn't use any front-end you didn't create yourself or for which you didn't fully analyze the source code and the infrastructure it runs on.

When it comes to having a little ease of use, sometimes you have to make a few compromises. In this case, HiveAuth may be an "acceptable" solution that, to the extent of what is feasible at the code, protocol and infrastructure level, does not compromise on security. Anyway, that's how I designed it.