Pinboard has 24K active users[0]. I have some inside info (having previously worked at IFTTT 2 years ago) that this number is significantly less people than use most of IFTTT's channels. It's one of the early channels and taking the time to fix it and migrate everyone is probably not justified for such a small audience.
Also, if Pinboard really wants it updated, add OAuth and contact IFTTT. They have a better solution for them.
It's not a question of migrating anything. The first thing IFTTT does with the password is make an API call to get the API token, and then supposedly throw the password away.
This is literally a request for them to change the name of an input field, and make one less API call. I'm happy to drive to their office and implement it myself if they feel they lack the resources.
Plugin was written early on and there are only 24K users. Therefore it's ok to provide worse security to those 24K users. -> This does not make sense to me given how many of those users will have the same password on their email and IFTTT is going to store it.
Also, if Pinboard really wants it updated, add OAuth and contact IFTTT. They have a better solution for them.
[0]: https://blog.pinboard.in/2014/07/pinboard_turns_five/