It's not that kind of impossible. It means that even if you are tricked into giving your passkey to the attacker, it's cryptographically useless to the attacker because a passkey is bound to a specific origin.