How exactly is this "reducing the security level to those of passwords"? For example: you can't use a passkey on attacker's web site even if you have a plaintext copy of the private key.

I'm not following. The issue is about it being used for the site the private key is for. The attacker's site is irrelevant here.