[godelski]

That's one way to read but I think a narrow way. Besides, my issue wasn't actually an issue with security now was it?

In practice we don't actually want the best security though. We frequently make concessions. I mean with my bank I don't want "the best" security. If I lose my credentials I don't want to go broke. If my credentials get hacked (especially if hacked by no fault of my own!) I want that money recovered. These things would not be possible with "the best" security.

In fact, in a different interpretation I would call those paths less secure. Ability to recover is a security feature just as much as it's not.

Both security and privacy do not have unique all encompassing solutions. They are dependent upon the threat model.

Importantly when designing things you have to understand modes of failure. When you design a bridge you design it to fail in certain ways because when/if it fails you want it to do so in the safest possible way. Why does this pattern of thinking not also apply here? It seems just as critical here! In physical security you also have to design things for both fail open and fail closed. You don't want you always fail close, doing so gets people killed! So why is the thinking different in software?

Not to mention:

How do I login from my Linux machine if I'm only using my iCloud key?

Your logic would lock me into the apple ecosystem forever and that's a worse security setting than anything else we discussed. Apple decides to become evil and I'm just fucked. Or swap Apple with Microsoft who is actively demonstrating that transition