It's convenient but not very secure to allow a simple click of Manage account in the RC App to go straight into service.ringcentral.com in Administrator mode. IMO this should require entry of the password.
Is there a way to force a password challenge? Otherwise, the only workaround I can think of would be to create separate admin users with no phone and remove admin rights from the phone users - a pain. The phone users could then use this quick route to change their own settings at the 'Service' page, but not to administer the whole system.