>at worst passphrased keys are as insecure as passwords
Not true, unfortunately -- standard passwords can be (in practice) perfectly protected against
guessing attacks by using rate-limiting; there's no way to rate-limit attempts to guess a
compromised key's decryption passphrase.
Whether one cares or not is another matter (most of us are unlikely to be facing attackers who
are willing to spend the necessary time to crack a decent passphrase in any case, and
keyloggers and memory scanners are going to remain much cheaper and easier ways to get at
decrypted keys), but there are tradeoffs.