It's "less risky", not "more secure"

The characterization that "the hybrid approach [was] more secure" is not quite right, because we don't know how secure ML-KEM or other post-quantum key exchanges are. What it is is *less risky*: over any given timespan, there is less of a risk of complete breakage (from some novel attack on a post-quantum algorithm) because of the presumption that ECDH will not be broken by a practical quantum computer anytime soon, and that even when it is that it will be very expensive for some period to actually mount such an attack.