You just need to memorise the PIN at max. If your device has biometric recognition you could even use your face scan or fingerprint so even remembering a PIN is not needed in that case.

Even if you are really careful, your details can always be leaked from a company server during a breach. If the companies adopt passkeys, that issue isn’t there. Because there isn’t a password anyone can randomly use. That’s why I feel big tech companies are moving towards it.