Yes, but they still originate somewhere, and if that source goes offline, you're still at risk of accepting stolen credentials.

Yes, but under the assumption that downtime is typically short (a few hours), that small risk seems better than a foreign nation state actor being able to block essential services like identifying with healthcare, or sending transactions.