Yeah, the security properties of the Trusted Publishers are clear now although it really wasn’t obvious while I was still using them as a consumer!
I am actually quite happy to hear that PyPI API tokens provide more-or-less the same degree of security as Trusted Publishers; there are important concerns around vendor lock-in (for example, npm’s API token policies mean you are essentially forced to use GitHub unless you’re willing to embed your account password and OTP key in the build machines, which is what I will have to do to exit GitHub), and being able to say “I will be responsible for the confidentiality of the publishing token, and if something happens to the package that’s on me, not PyPI or [CI provider]” and use the token directly means these concerns are alleviated. It’s a tradeoff I want to be able to make even if PyPI had first-class support for more CI providers.