Not sure I agree, because then a 3rd party could embed our Tableau login screen in an inline frame then use a click-jack style attack to scrape off their username/password (if somehow they were able to get on our network). If it was bypassed on the ignition side, then inline frames are still not allowed for everyone else accessing Tableau from their normal web browser, this seems more secure to me. Workstation won't be used as a general purpose web browser for checking email etc.
I do agree that the mechanism to enable this feature shouldn't be easily exploitable.