So it would seem obvious that they want customers to give out their passwords so they become victims of fraud, only to then learn that the bank has excellent fraud protection (contrary to let's say cryptocurrencies).
That is pure speculation of course. Hanlon's Razor would suggest "banks are too stupid to implement good auth", which, having worked both outside and inside the banking industry, I would strongly agree with.
Edit: if anyone is interested it looks like it’s an EU directive https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A...
Playing fast and loose with security because the bank will be on the hook (at financial cost to the bank) does not seem like a moral or ethical thing to do, and banks would be likely to pull transaction reversion from anyone who tried to use it as a feature.
Banks won't cover you for fraud that ends up happening because of you handing your online banking password to someone and rightly so.
When they do cover you, it'll be because they have a professional relationship with Plaid and/or they rely on other auth methods such as EMV CAP.