My example appears to have distracted you from the point I was making. Let me make the point again without an example: being vulnerable to one attack does not mean there's no value in not being vulnerable to another attack when the attacks require different strategies and levels of effort. Or again: making breeching security more difficult does in fact reduce your risk of random security breeches. Or to put it another way, a determined attacker will search for an opening, an opportunistic attacker will move on. There's value in protecting yourself from opportunistic attacks.
Changing out passwords for passkeys does not improve security in anything but a theoretical manner.
Good passwords (stored on the backend with a password-optimized hash) are pretty close to bulletproof, and all browsers that I've used in the last few years prompt you with very good passwords.
Again, the key is that people who would use passkeys are the same ones who will be using good, non-reused passwords in the first case. We've taught non-technical users too well that they should not pay attention to out-of-browser prompts, so they're not going to be able to use passkeys without significant and broad re-training.
