It's safer than email + password. Every email + password combination I'm familiar with allows you to reset password by having a link sent to your email, which means that access to email is always considered the ultimate association of identity.
This just removes the email + password altogether and requires that you have explicit access to the email. So it takes the end-all-be-all access criteria of the other solution, but removes the possibility of them being able to have a weak password, and also removes the issue of them having to store and transport passwords.
It's less safe than email + password. Someone can break into your email with email + password, or you can forget it logged in and they have your Notion automatically, so it has the same problems email + password have, plus some more.
This just removes the email + password altogether and requires that you have explicit access to the email. So it takes the end-all-be-all access criteria of the other solution, but removes the possibility of them being able to have a weak password, and also removes the issue of them having to store and transport passwords.