Because some of these APIs are useful in an enterprise app setting that aren't distributed via the App Store. Like Disney applications on their turnstile devices at Disney World.
Not everyone uses Cloudflare for their proxying service. I use them purely for my DNS, but don't have the MITM proxy enabled at all. His scraping is a better idea probably.
This was a post about offline-first clients, and N1 requires the sync engine to function (which I suppose can be run locally if wanted but you lose some features. )
Eh. Hence why I said it like I did. In most cases, the device generates the secrets. And that's how it should be done, it guarantees that they can't be compromised easily (vs if someone compromised wherever you backed up those keys to).