I'm using a Bluetooth keyboard and I type my passwords in plain text. I don't think that a public key sent over Bluetooth is less secure. So it's a very tricky topic and I think it's more about corporate interests than actual security.
Bluetooth security has always been a mess and even the specification itself has had egregious bugs that almost all devices were and often are still vulnerable to: you can force 8-bit symmetric keys if you like: https://knobattack.com
I would never trust any wireless keyboard or mouse on any even marginally important computer. Bluetooth security is a broken mess, and taken together with the mess most Bluetooth functionality is (e.g. perpetually broken, laggy, stuttering, forgetful, lofi audio profiles) Bluetooth needs to die ASAP.
It is encrypted with MITM protection. That's why I do not believe in severe security issues in BLE. There can be problems with particular implementations, but in general it should not be less secure than typing a password on a keyboard.
Your keyboard very likely isn't using BLE (Bluetooth Low-Energy). The issue appears specific to BLE which behaves differently than Bluetooth X (4.0, 4.1, 5.0, etc) "proper" and has a different security profile.
Just so we're on the same page, "Bluetooth X" was discontinued at 3.0 -- it's now named "Classic Bluetooth."
Bluetooth 4.0 (4.1, 4.2, 5.0, 5.1) are almost exclusively the artist formerly known as Bluetooth LE. LE is a totally different standard than classic Bluetooth, and was developed by Nokia ("Wibree") and dropped on the desk of the SIG with a big thud. Nokia told the SIG this was Bluetooth now, and they adopted it as "LE" and it forms the core of all versions of Bluetooth 4.0 and later.
4.0 and later specs include "LE", "Classic" and "High-Speed". It's very unlikely developers are building for Classic mode anymore, that protocol is an utter nightmare. I don't know anyone building High-Speed devices.
I'd be surprised if a new keyboard opted for anything other than LE. That's just the kind of embedded system it was designed for.
You are probably right. However, the BLE transport was not removed from the 2.1 specification and is supported by Microsoft Hello. And, anyways, for an Arduino-based DIY project, existing security is more than enough.