Even after the edit at the top regarding PIN it still seems to not get the main point of a U2F token: It's physical. It's incredibly hard to extract secrets from it. It's local to where it physically is.
If I have a password then there are probably a couple of services and people that could reasonably get to it either by hacking the service the password unlocks (in storage if its a really insecure service or in transit the next time I log on), or can extract it from my password manager/memory/browser or whatever.
The point of a U2F token for me is to change the number of people who can reasonably authenticate as me from "everyone who has my password" to "everyone who have a physical key I keep within a reasonable distance from me that is incredibly hard to copy and has my password". U2F also validates auth origins quite a lot better than many other methods, although I guess that is not relevant to this argument.
A hardware U2F token is not the end-all be-all security, but it reduces potential attackers a lot.
Anyway, the main thing I wanted to mention is that the use of public key encryption means this is quite different from the device having "my password". Even in the on-device ("resident credential") scenarios the authenticator doesn't have a password which is a shared secret, it actually has a private key which it won't divulge - much better.
Implementation errors by a web site can leak your password, which because it's a shared secret can then be used by adversaries to log in. It's impossible to be sure a site didn't get this wrong, even if you're confident they are competent and well meaning.
In contrast the WebAuthn (and U2F) design doesn't give sites enough information to impersonate you even if they wanted to, only to authenticate you. This is a familiar pattern from public key cryptography, receiving the certificate for news.ycombinator.com allows me to verify this is news.ycombinator.com but not impersonate them. Likewise, when you enroll a FIDO authenticator to use Facebook, Facebook doesn't learn how to impersonate you, even on Facebook, only a way to verify that you still have that authenticator. [And the design is even more careful, it uses completely independent credentials for each site, so when Microsoft bought GitHub they actually could not merge the FIDO-based authentication between GitHub and Microsoft properties, even if they thought that was a good idea it's deliberately impossible. ]
"everyone who have a physical key I keep within a reasonable distance from me that is incredibly hard to copy and has my password"
I took (hard to copy and has my password) to be properties you were giving the physical key, but in fact I see the correct interpretation was that "and has my password" is an adjunct to the properties of this hypothetical attacker who now needs to steal the key.
If you are talking plain USB mass storage for keys I disagree.
That being said, it's incredibly unlikely that someone would ever sell mass storage based USB credentials because:
1. Security products are marketed based on surviving the worst case scenarios. Nobody would buy a U2F token that is "good enough for the threats you probably face".
2. By the time you've hardened any USB device from remote cloning, you're probably already done most of the work to harden it against local cloning. Might as well complete the last bits necessary in order to get the marketing benefits from point 1.
(it's kind of funny how you can make a seemingly airtight argument about something common-sense and non-controversial and have some weird imposs.. improbable corner case unravel everything)