> esims can't be cloned (e.g. sim swapping attack)

This is incorrect. eSIMs are no different from physical SIMs once provisioned. The only difference is that instead of you having a physical smartcard, there is now a JavaCard-compatible card (embedded on the logic board or emulated by the modem) that gets provisioned remotely.

SIM swap attacks have nothing to do with your physical (or emulated) SIM, they were always about a social engineering attack onto the carrier's staff to replace the (e?)SIM associated with your account. eSIMs actually do make this easier because instead of the attacker having to show up in person at a store to pick up a physical SIM they can skip that step and do the whole process online.

> simply removed from a stolen phone like physical sims

If this is an attack vector you care about, you can enable a SIM PIN. In fact, this also works with eSIM if you really want to. But beware, doing so means once a phone reboots it will not have a data connection so things like Find My iPhone/etc won't work.