Currently, PINs can be reset by browsing to https://www.plex.tv/pin-reset/ using the current password.
The problem is that users who access your Plex Media Server using your credentials and then a managed user (à la Netflix) can easily change your PIN without any real verification, thereby gaining access to the main, administrative user account.
So, I suggest / request that the PIN reset process be changed to use verification emails, as is the standard.
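
A sketch of the email-verified reset requested above, as an added example that is not part of the original post and is not Plex's code. The class, method names, in-memory storage and 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime, not a Plex value

class PinResetService:
    """Hypothetical model: a PIN reset needs a token mailed to the owner,
    so knowing the shared account password is not enough."""
    def __init__(self, send_email, now=time.time):
        self._send_email = send_email  # callable(address, token)
        self._now = now
        self._pending = {}             # account -> (sha256(token), expiry)
        self.pins = {}                 # account -> PIN (plain only for brevity)

    def request_reset(self, account, owner_email):
        token = secrets.token_urlsafe(32)  # unguessable, 256 bits of entropy
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[account] = (digest, self._now() + TOKEN_TTL)
        self._send_email(owner_email, token)  # only the mailbox owner sees it

    def confirm_reset(self, account, token, new_pin):
        # Single use: any attempt, right or wrong, consumes the request.
        entry = self._pending.pop(account, None)
        if entry is None:
            return False
        digest, expiry = entry
        if self._now() > expiry:
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, candidate):
            return False
        self.pins[account] = new_pin
        return True

def demo():
    inbox, clock = {}, [1000.0]  # constructed mailbox and fake clock
    svc = PinResetService(inbox.__setitem__, now=lambda: clock[0])
    svc.pins["owner"] = "1234"
    mail = "owner@example.com"
    svc.request_reset("owner", mail)
    guessed = svc.confirm_reset("owner", "guess", "0000")  # no mailbox access
    svc.request_reset("owner", mail)
    ok = svc.confirm_reset("owner", inbox[mail], "9876")   # owner read the mail
    replay = svc.confirm_reset("owner", inbox[mail], "1111")
    svc.request_reset("owner", mail)
    clock[0] += TOKEN_TTL + 1
    expired = svc.confirm_reset("owner", inbox[mail], "2222")
    return guessed, ok, replay, expired, svc.pins["owner"]

if __name__ == "__main__":
    print(demo())
```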