Mojira Archive
MCL-12951

Big security exploit with the Minecraft Launcher and .minecraft files

TL;DR: Minecraft stores sensitive data inside the .minecraft folder without even minimal security, causing big breaches that hackers are currently abusing to steal Minecraft accounts. If remotely possible, add better encryption to files such as launcher_profiles.json and similar, as those contain accessTokens (which lack IP and region validation before they work) that can be used to log into Minecraft accounts without knowing the account's password.

There is a big security issue going on currently with launcher security. Even when "Keep Me Logged In" is turned off, sensitive info, such as the "accessToken", is stored inside the .minecraft folder and launcher_profiles.json.
Hackers have been abusing this to steal the "accessToken" from the victim's computer, and, with that, they can bypass all account security, as the accessToken bypasses everything, on top of the lack of IP verification, region verification, and the fact that Minecraft has no 2FA support. Also note that the Minecraft launcher is hardcoded to use the .minecraft folder, making it easy for malicious scripts to target and clone that folder's sensitive info.
This means any link you click, any script that runs on your computer, etc. can grant full access to your Minecraft account to someone else.

As an example, the YouTuber 3rik (and many others I can name) has had his Minecraft account, _3rik, accessed by someone else very recently, as can probably be checked by Minecraft admins, due to an abuse of the above launcher flaw. This is a major security flaw when paired with the lack of 2-Factor Authentication for Minecraft, and will only cause further damage to users and to Mojang, which will eventually get sued for it, until it is finally addressed. As a player who is currently vulnerable because of this, if you're reading, please help.

I can try to gather more info about the case or exploit if needed; the above is all I know about so far.
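As an added example from the defender's side (not code from the report, from Mojang or from the launcher), here is a small audit script that walks a launcher_profiles.json document, reports every plaintext "accessToken" it finds, and writes back a redacted copy so that a logged-out launcher leaves no usable token behind. The file layout in the sample (an "authenticationDatabase" map keyed by account id) is an assumption for illustration, and every value in it is constructed; the report only states that the token lives somewhere in that file. The POSIX permission check is the second thing a practitioner would want to verify on a shared machine.

```python
import json
import os
import stat

# Constructed sample of a launcher_profiles.json. The nesting below is an
# assumption made for this example; the token value is made up and is not a
# real credential.
SAMPLE_LAUNCHER_PROFILES = json.dumps({
    "authenticationDatabase": {
        "00000000-0000-0000-0000-000000000001": {
            "accessToken": "CONSTRUCTED-ACCESS-TOKEN-NOT-REAL",
            "username": "player@example.com",
            "profiles": {"example-profile-id": {"displayName": "ExamplePlayer"}},
        }
    },
    "profiles": {"default": {"name": "Latest Release", "lastVersionId": "latest-release"}},
    "selectedProfile": "default",
})

# Keys whose string values are session credentials. Extend this set if a
# launcher version stores other secrets alongside the access token.
SENSITIVE_KEYS = {"accessToken"}


def find_sensitive_fields(obj, path=""):
    """Recursively walk parsed JSON and return the dotted path of every
    sensitive key that holds a non-empty string."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            if key in SENSITIVE_KEYS and isinstance(value, str) and value:
                hits.append(child)
            hits.extend(find_sensitive_fields(value, child))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits.extend(find_sensitive_fields(value, f"{path}[{i}]"))
    return hits


def redact(obj):
    """Return a deep copy of the parsed JSON with every sensitive string
    blanked; the rest of the profile data (names, versions) is kept."""
    if isinstance(obj, dict):
        return {
            k: ("" if k in SENSITIVE_KEYS and isinstance(v, str) else redact(v))
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def audit_text(text):
    """Audit one launcher_profiles.json document given as text.
    Returns (list of paths holding tokens, redacted JSON text)."""
    data = json.loads(text)
    hits = find_sensitive_fields(data)
    return hits, json.dumps(redact(data), indent=2)


def world_readable(file_path):
    """True if group or other users could read the file on a POSIX system.
    Checks permission bits only; on Windows the ACL would need inspection."""
    mode = os.stat(file_path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_file(file_path, write_back=False):
    """Audit a real file; optionally overwrite it with the redacted copy.
    Returns (hits, readable_by_others)."""
    with open(file_path, "r", encoding="utf-8") as fh:
        hits, scrubbed = audit_text(fh.read())
    if write_back and hits:
        with open(file_path, "w", encoding="utf-8") as fh:
            fh.write(scrubbed)
    return hits, world_readable(file_path)


if __name__ == "__main__":
    found, scrubbed = audit_text(SAMPLE_LAUNCHER_PROFILES)
    print("plaintext tokens found at:", found)
    print(scrubbed)
```

Running the script on the embedded sample reports one token path and prints the scrubbed document; pointing `audit_file` at a real `launcher_profiles.json` with `write_back=True` is the mitigation step, and a `True` second return value means the file is also readable by other local users.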

Works As Intended

Brian Santos da Fonseca

2020-01-04, 05:12 AM

2022-03-04, 12:02 PM

2022-03-04, 12:02 PM

1

3

Unconfirmed

2FA, accesstoken, accounts, exploit, hacking, launcher, login, safety, security

2.1.9616-2.1.9618, 2.1.13509

-