@L29Ah Not the most secure path, yes.
But you need to think of a threat model.
Depending on what you want to be protected from, this could still be a decent solution especially it's more accessible than secure element based keys.
I personally wouldn't rely on it, but I don't think why not to use it for some basic additional security. Like phishing protection for example.
And no, "you just need to read the URL carefully to protect yourself from phishing" is a bad argument.