It seems like most of these gripes are due to the web app's implementation, and not passkeys themselves. It's a bit harder supporting multiple passkeys, but certainly doable. As others have said, this is just FIDO2/WebAuthn.

Things were a simpler time, but information was MUCH less accessible. In the 90s it was magazines, BBSs, and user groups. The information access we have today is orders upon orders of magnitudes more. Kids today have a limitless and open door to information to hack. Yes, Apple and MS might be more closed, but there are many other OSs.