You're right, people's accounts aren't getting hacked that often. This is because of a wide array of security measures - the ones you're suggesting be disabled. The frequency of breaches goes up significantly without those in place, especially when coupled with the kind of weak password likely to be chosen by struggling, marginalized, vulnerable people whose priority is not keeping bots at bay.

In short - yes, but the consequences defeat the point.