iDIN itself is very secure. As with iDeal, you are redirected to a secure environment where you enter your access code. The receiving party (of the data) has nothing further to do with this, so they have no access to your access code, your bank details or transactions. Importantly, the bank in turn has no access to the web pages and orders you visit. So at no point are data used for commercial purposes.
Where it sometimes goes wrong, however, is that people think they are in their secure banking environment when they are actually in a carefully faked fake site meant to get behind your codes and data. This doesn’t just happen to you. It often results from opening a link in a phishing email or registering/logging in to a rogue webshop. So always pay close attention to the url of your page and whether it is secure.
If the data presented do not match (think home address, email or phone number), stop the application and contact your bank first.