Can you elaborate a bit more? If I create a passkey on https://passkeys.io on my Mac, then store the passkey in a password manager like Bitwarden, I can log into that site on my phone. I was kinda under the impression that Bitwarden stored the private key on their servers, so if their site gets hacked, then the attacker has access to my passkey.io account?
The internet (ie bandwidth) is cheap, but running servers, providing documentation and tech support all costs a decent amount of money.
However, treating an API as a profit center is a joke. These are literally companies developing software that makes the experience of owning a Tesla better. Making things unaffordable for those companies is putting short term profits over long term success of your product