• make that browser a "hidden app" that is only available with FaceID
• open a tab in that browser on your iPhone
• bring the iPhone near to a "Continuity"-enabled Mac and see that private tab of that hidden app being brought up on your Mac, without authentication either via password or *ID
Fascinating perspective. I understand your point, and agree with it generally. I will point out though that this doesn't really have anything to do with Continuity or any "feature" per-se. It doesn't really have anything to do with "parental controls", that was just the daemon that was exploited. You don't have to have a "child" user account to be vulnerable to this. Every user account is vulnerable to it.
• download another browser on iOS
• make that browser a "hidden app" that is only available with FaceID
• open a tab in that browser on your iPhone
• bring the iPhone near to a "Continuity"-enabled Mac and see that private tab of that hidden app being brought up on your Mac, without authentication either via password or *ID