Well, it tells you something about that JWTs allow more ways to misuse the token spec which already makes it a bad standard. alg = none is still in the standard, no encryption by default and there is no sane cryptographic choice to sign/encrypt the JWT, which allows developers to shoot themselves in the foot as what we have here with using it with sessions.
Fernet  was the closest to being a successor of a better standard, but I believe PASETO  or even Branca  tokens look much more better alternative for JWTs. If not, then the good old session cookie may suffice even.
 - https://github.com/fernet/spec
 - https://paseto.io
 - https://branca.io
Just like how the JWT spec hasn't been updated to disallow a lack of an algorithm, I'm unsure why JS doesn't offer a 'safe' version of the parse in the API.
We only use JWTs where it makes sense. For browser-based access, we personally prefer cookies with opaque ids to represent a session.