Well OP is kind of correct because in security importance is given to CIA Triad: Confidentiality, Integrity, Availability.
Availability is important part of any system, if you lock out people, system will be secure but it stops serving its purpose.
Where OP fails is he seems not to understand password leaks and how much password+e-mail+phone number+other info lists are out there.
There is credential stuffing and password spraying running around from leaked passwords, so you can try dozen users on FB and just hit jackpot with one or couple, you don't have to brute force each one of them as there are countermeasures for that.
Even if you have weak password with a trick it is trivial to find out your trick when your password leaked from 5-10 services where you used the same e-mail.
Availability is important part of any system, if you lock out people, system will be secure but it stops serving its purpose.
Where OP fails is he seems not to understand password leaks and how much password+e-mail+phone number+other info lists are out there.
There is credential stuffing and password spraying running around from leaked passwords, so you can try dozen users on FB and just hit jackpot with one or couple, you don't have to brute force each one of them as there are countermeasures for that.
Even if you have weak password with a trick it is trivial to find out your trick when your password leaked from 5-10 services where you used the same e-mail.