If you have authenticated with more secure credentials (i.e. a potentially long password), you should be able to reset less secure credentials. This way, people like me who use password managers and long, randomized passwords can easily reset the screen PIN without having to record it somewhere.
Of course, what I would really love to see is a command line with SSH key authentication and a good configuration system like Junos. Mmm. Maybe support for client-side certificates for web UI authentication. That tends to be bizarrely difficult to set up in a lot of modern browsers, though.