Per RAW, there appears to be no way to steal/spoof/dupe a persona. You cannot pretend to be anyone else on the Matrix.
Also per RAW, there's no mechanic to broadcast someone else's SIN, even though a SIN is just a string and it's quite public as most people are always broadcasting theirs. (Stepping beyond RAW, we can assume the SIN's stored biometrics and biographical information wouldn't match, but they don't match for a rating 1 fake SIN anyway.)
So we have two "unstealable"/"unhackable" technologies. Only person A's persona can broadcast person A's SIN.
Meanwhile, we regularly see corp facilities that have security doors secured with keypads, keycard scanners, or fingerprint/retina scanners -- all things the PCs can bypass or fool with advanced tech. (This, of course, is an important game element.)
Why aren't those doors secured with SIN scanners? The corp issued the SINs, so the corp certainly knows all the SIN information. And SIN broadcasts appear to be bulletproof. So if the door only opened on a command from a persona with a validated SIN belonging to someone who works for the corp and has access, the whole thing would be much more secure, right?