Re: Devices generally have an api type login
Anything with "link your account" is always going to be a security hole and especially if a linked device can add a new link using the existing credientials.
IMHO Amazon do not want to publish who is linked to their account for the same as for all the others like steam,fb etc, basically people would be able to remove the link that allows these third parties to spy upon the user and their transactions.
Since Amazon here are taking pains to prevent the user from knowing which third parties can bypass authentication then you cannot see how many fourth parties may have been daisy chained into the loop.
To my mind if a company allows account linking then they are responsible for any fraud that occurs using their system, if they do not allow you to see who is spying upon you then they are intentionally thwarting identity legislation