It's not utterly insecure. It's just not perfectly secure.
I can pick an application name and limit connections to that application name. I would easily wager the vast majority of cases this is sufficient security for the window in which it's involved. Your complaints seem to center on this idea that a hacker would be able to figure out the name and then set a connection string to get to the server before you could.
This is a part of single user mode, which for SQL Server means very rare time periods when an admin needs to perform some maintenance or administrative change.
In terms of a valid administrative strategy, where I want to prevent SQL Agent or some client application from connecting, this solves the issues, quizzes someone on the option, and teaches others.
I'll stand by the question from a practical standpoint.