I initially had the same thought as the parent. From the perspective of so many companies relying on the security of one authentication provider (rather than any one company using AD for all their authentication needs).
So if AD were to be compromised, that would be significant impact.
There are of course advantages to such a "single point of failure" such as concerted effort in one place. But one way to mitigate the spof is transparency, and I'm reminded of LastPass versus Bitwarden.
