You’re right. They are insecure.
Read my argument again. I’m not suggesting passwordless login is less secure than password based (though I haven’t really tried to analyze it; it might well turn out that it there is a significant flaw). I just commented that “email security” makes me laugh.