You don't even need to die for this to be an issue. Your registrar could just screw up and sell your domain to someone else. Or your registrar could have a security breach resulting in your domain being transferred. There's a myriad of ways the "own your domain" solution could fail, so it's really about which risks you're willing to take.
One of the reasons I am in the process of moving all of my domains to Gandi is because they appear to be the only reputable domain registrar that supports U2F. I take security extremely seriously when it comes to my domains.
> One of the reasons I am in the process of moving all of my domains to Gandi is because they appear to be the only reputable domain registrar that supports U2F.
I use Gandi and am quite pleased with their security settings. Not only is my account secured with an absurdly long password, I have U2F enabled and I have enabled the IP restriction list so that authentication only succeeds when coming from one of them. They even fixed my only quibble. In the past, if I logged in with valid credentials but from an unlisted IP, the error message would say "you're coming from an IP that's not permitted." Now the message for all types of failures--bad password, wrong IP, incorrect TOTP code--is the same so an attacker can't confirm valid credentials.
Namecheap now finally supports TOTP and U2F is on their roadmap. I was close to dropping them before this recent development but it seems like they finally take this seriously
