I think the downside of many approaches is the "lose it and it's gone forever" aspect. Users just aren't used to that failure case. There's always a password reset link that gets you back where you started. If you have PGP-encrypted mail and you lose access to the private key, you've lost access to that mail forever, and that's still not a very well-understood concept to many people. Awareness of this sort of thing is certainly getting better, but arguably we aren't to a point where your average user is comfortable with that yet, and we certainly weren't there back when OpenPGP was first designed.