It is 2023 and I am still having to explain the dangers of the OAuth Implicit Flow because I am still finding current documentation suggesting otherwise. Time to make another video to follow up on the one from 4 years ago?
To me the fallacy is- why do most people even need to know anything about it? The choice of what grant to use should be enshrined in SDKs and platforms. The details should matter to very few people, outside of troubleshooting.