This is good for developers but there are two important unknowns if you're an end user:
1) You don't know whether the service or site employs best practices e.g. throttling. (Although you might be able to test that yourself if you're tech savvy.) So you may have to assume the worst, and there goes Point 1.
2) You can't be sure they will report a breach if it occurs, or that the password will ever show up in e.g. haveibeenpwned. So there goes Point 3.
1) You don't know whether the service or site employs best practices e.g. throttling. (Although you might be able to test that yourself if you're tech savvy.) So you may have to assume the worst, and there goes Point 1.
2) You can't be sure they will report a breach if it occurs, or that the password will ever show up in e.g. haveibeenpwned. So there goes Point 3.
Point 2, you do have control over.