That applies to pretty much all desktop apps, your browser profile can be copied to get access to all your already logged in cookie sessions for example.
IIRC this is how those Elon musk crypto livestream hacks worked on YouTube back in the day, I think the bad actors got a hold of cached session tokens and gave themselves access to whatever account they were targeting. Linus Tech Tips had a good bit in a WAN show episode