Passkey-based wallets are cool but I feel like people are skipping over the part where passkeys are scoped to domains, which means the provider could effectively brick your wallet at any time (I think, please tell me if I'm wrong)

Sounds like backup signers are in the roadmap but feels like an important caveat

I like baking /goodbread and building apps on web3 protocols. DevRel @ ENS Labs. gregskril.com

Is this even true if e.g. set my host file to 

127.0.0.1 wallet dot coinbase dot com?

Like are the passkeys 100% inaccessible?