I believe the problem with the WPS button is that it comes with a WPS PIN (might be optional, but enabled by default in most cases) which means brute-force attacks are possible even without having to press the button, where as the solution described in the repo would at least require you to eavesdrop on an active key exchange between 2 users.