Update 5/24/2022: We have now enabled all of the cmdlets to be REST-backed if you are using the 2.0.6-Preview6 module.
We’re excited to let you know that we are working on a new version of the Exch...
Updated May 24, 2022
Version 12.0
Blog Post
The OAuth way of logging into Exchange remote PowerShell has always been undocumented, so I don't think they will make any kind of announcement about it going away. But previously the PowerShell module was using it, so I figured it wouldn't go away while that was the case. This new module doesn't need it, though, clearing the way for them to turn it off whenever they want. It uses WSMan and a variation of basic auth where you supply the OAuth token in place of the password, so when basic auth goes away it's not clear to me that it will continue working.
You're right, letting an automated tool change your settings is an issue for some customers, we give those customers a PowerShell script that they can examine and run themselves. However, many customers are nontechnical and just want to get the thing installed.
Unfortunately, for PowerShell the only (official) way to grant access to an Azure app is by setting up a certificate. For most things, like Graph, or even the undocumented OAuth way of accessing PowerShell, you can have a user grant "delegated" access. They log in through a Microsoft page (so you never have access to their password), which gives you a token that you can use to do things on their behalf while they are logged in, but you have no ability to get another token later by yourself. In this case there is no permission to remove later on, because the permission was only granted for while they are logged in. This is how our app works today.