The web is moving towards webauthn passwordless, at least for low(er) importance services, so I thin there might be more scope for harm in the future