Maybe not surprisingly, I've had a couple of tech-literate friends where they thought they were the only ones with a recovery key but it turned out (luckily, here) that MS had a copy after all.
If MS has a copy then the Russians who hacked MS might also have one. This is not actual security, but rather a security circus. Windows 11 comes bundled with spyware and now ransomware and people pay for it.
If you are worried about the Russians stealing your computer to decrypt the hard drive, you should be expected to have solid understanding of where all the potential decryption keys are kept.
I personally am happy for my Microsoft account to contain a copy. Yes it is an issue if I were to need security from a government, (either from subpoena or espionage). But it provides a very convenient backup of the recovery key, and security from random theft, which is my actual concern.
Also you can disable backing up the keys if you want to. People who need security from state level actors should be expected to take responsibility for proper configuration themselves.
I am personally not happy about that at all but my choice doesn't get any support. Not even registering Windows and turning off s-mode is possible without an account or with severe hacks that do involve deactivating secure boot anyway.
Microsoft is the security flaw here, they were even deemed a threat to national security in the US.
It is a complete circus and it lessens security compared to your average Windows 7 MBR installation while it was supported.
Microsoft forcing you to register to deactivate their presents pretty clearly line out their motivation here.