What's the point of Authorized IP's?

What is the point of auto-authorizing endpoint IP addresses on a Personal account? It seems that any client can access my resolvers, whether it's "authorized" or not - I can't see anywhere where I can restrict access to specific IP's, whether auto-authorised or entered manually.

I have the option enabled for all my endpoints since they're all dynamic, but I recently tried disabling it for a new iPhone, and it's working just without any authorized addresses.

It seems completely redundant - is it even needed for the dynamic DNS feature to expose the latest IP address of the endpoint? What am I missing?