Superuser PIN Feature 

I'm genuinely confused by the PIN features offered in Superuser. It requires that you enter a PIN to use su. But, from what I can tell, it is security theater.

Me:
I enter a new PIN and confirm it. At this point, no one should be able to use su without the pin.

Attacker:
Let's pretend I, the attacker, don't know the pin. I want to bypass it.
So, I use su from an app, and the pin request pops up. I don't know it.
I go into Superuser app settings and clear app data. The PIN protection is now wiped.
I can now use su.

Am I missing something here?

I'm asking, because I was looking into implementing this, and realized that the existing solutions don't actually work in the first place. Not to mention that if the device's screen is unlocked (which is how the app that uses su was launched in the first place, and pin shown), all bets are off anyways.
Shared publiclyView activity