Except in that case you would know it got compromised.
If you reset someone else's password via email you would notice yourself when you want to login that your old password is not accepted anymore.
With these one-time auth tokens there is no way to know you got compromised, since sending another one-time token will 'just work'.
This would be great as part of a 2-factor scheme though.
This would be great as part of a 2-factor scheme though.