You've totally lost me, and it's not because I misunderstand FIDO. The private key you refer to must be kept secret or the credential is compromised. Yes, this is undoubtedly better than passwords, because the system automatically prevents credential re-use across services and is more resilient than a password hash, but it still requires secrecy. You're not providing an example of a system that functions without the need for secrecy, you're providing an example of a system that uses a very tightly controlled secret, known only to the party that needs it i.e. the FIDO key. Sounds a bit like the principles of need-to-know and compartmentation used by intelligence services...
Open source is useful, to be sure, but so are informants / agents, and the safety of those sources and their continued usefulness is completely dependent upon secrecy. If that's too Hollywood then consider undercover law enforcement.
This line of reasoning doesn't hold up at all. The best practice advice 'avoid security through obscurity' has nothing to do with what you're talking about. Also, FIDO absolutely relies on secrets: that's what a security key stores.
I'd be interested to hear how you think law enforcement and intelligence could still work without confidentiality.
I was super surprised to learn AWS will only allow you to register a single FIDO token - the inherent lockout risk pushed me back to using OTP with the seed stored in multiple Yubikeys.
No, the whole point of U2F/FIDO is that phishing sites can't extract a usable credential from the key because everything is tied to the origin requesting the authentication.