If you have a good bank, they should be limiting it to y wrong tries every x minutes, and have good fraud detection mechanisms in place. So the viability of brute forcing bank passwords should be rather low. So the risk looks rather minimal compared to the large scale exploitation that is possible with the other method.
