User running web dispatcher have entry in SSO-Credentials and have access to pse without pin.
Somehow web dispatcher must to know the pse content. Maybe other user than <sid>adm is used.
The pin protects pse from unauthorized access. You can guess it or recreate pse from scratch.
You can also mess with cred_v2 file where sso credentials are stored, but I can't help you with this.