Does storing sensitive bank information on the mobile phone in this way create extra vulnerability?

No sensitive bank information is stored on the mobile phone itself. The secrets associated with your BankID on mobile phone are stored safely on the SIM card and cannot be read from there. It is important that the person who has BankID on mobile keeps the BankID on mobile PIN secret. You choose the PIN yourself when you create BankID on mobile.