thanks for the tag ,

basically when you change keys the keys are changed and people cannot access the account without having a new updated keys ,

But when you authorize an app to do posting operations (post, comment , vote , downvote) , you also give an access token to the app (previously via steemconnetct and now via steemlogn) , which the app owner can use no matter you changed your keys or not until you revoke the app.

for example i own steemauto.app and all steemauto services votes , posts are boradcasted using a wif of account steemauto.app , combining with the access token we get from steemlogin , so you are not yet secured , so revoke all access to apps you stopped using or are no more oeprating on steem (like previous steemauto) , these maybe dangerous as they can abuse the chain .

Hope this answers the question

If you think i am helping the community please support us my casting your witness vote to steem-supporter