Yes it is certainly an issue. And one that I stumbled across in my first week of "bitcoining"
I noticed that in the blockchain.info (beta) wallet... when i go to addresses, they have a "next address" button... you can just click that and it generates the next address for you... it looks like it can generate as many as you want. I made 4 or 5.
I can see their issue with the scanning... you have to have some way of stopping without continuing to infinity... So they'd have to have some way of tracking addresses generated... I wonder if it is possible to have a counter stored? So every time an address is generated, either manually or via receiving a transaction to address in the list position X, where X = counter, it increments the counter.
To be ultra safe, you could scan to counter+5 or counter+10 maybe? Or maybe a manual button to scan another 5 or 10 ahead if a user is not getting transactions/addresses showing up.
This, and the fact that sometimes it seems to sit in my phone memory and not require my PIN number are probably the biggest issues I have with Mycelium at the moment. The PIN one is particularly disturbing. Like just now, I picked up my phone which I haven't touched for a good 2 hours, turned on the screen, swiped away the lock screen, went into the App Drawer, tapped Mycelium and it went straight into my account listing???
The scan ahead counter would only work locally, if you import your backup somewhere or have another device use the same seed, the counter would not be known.
But yes, there should be some kind of mechanic to give more receiving addresses.
But to do that right it needs a good UI and then you need to be able to tag stuff somehow etc to not get confused.
And while that has been on the list for long it never got more important than other stuff on that list
As for the lock:
That only works upon app startup. When you navigate out of the app, it is not closed, just moved to background. Depending on your phone model and operation system, it can stay there for a long time. Maybe it only moves out if RAM is getting full or if some battery manager app closes it. Depending on your phone and OS you should be able to either hold the center hardware utton down or tap some "show apps" hardware button or something similar, to see a list of all open applications. Usually you can swipe them away in order to actually terminate them.
After doing that, opening the app again should always require the PIN (if the setting is enabled).