> Is there an argument for why non-expiring tokens are a bad idea that I'm missing here?

I don't think you are missing anything. And your full account is anyway hackable if you lose access to your email or phone number.