Hi there,
Thanks for your suggestion. The method for obtaining the EPP Code is defined by the design of your domain registrar's API.

For example eNom does require the EPP Code to be emailed to the registrant: https://cp.enom.com/api/API%20topics/api_SynchAuthInfo.htm?Highlight=SynchAuthInfo
Meanwhile the ResellerClub API returns the domain secret in the API: https://manage.resellerclub.com/kb/node/1755

To change the current behaviour, I'd recommend speaking with your registrar directly to modify their API behaviour as desired.