Its not relevant because: Apple devices only run "trusted" code. Cloudflare then says "hey, any PAT which originates from Apple is probably generated by trusted code, we know what heuristics we use, we trust those heuristics, lets approve it."
But extend the same theory to more open devices. There are two outcomes:
(1) Services trust the PAT itself. This would be pointless from a bot-mitigation angle, because anyone could just mint and submit a PAT. But, it would be "open".
(2) Services trust the PAT issuer. Implicitly, this means, they trust all the code which the issuer uses to generate the PAT, probably using device heuristics of some kind.
The second outcome is far more likely. Conways Law: these systems were built by teams with one goal: to stop bots. (1) wouldn't actually stop bots. Similar to SSL certs: We don't just trust any valid SSL cert; we only trust ones that are issued by known trustworthy third parties.
But there's no way to trust code running on open systems. They can't trust the heuristics, because they could be faked. Even if a solution evolved which looked like "the linux kernel has this built in" or "canonical distributes a known good binary which contains good heuristics algorithms", it doesn't matter, because there's no way to cryptographically validate it. We can modify the code, run whatever, and suddenly that Issuer (Linux, Canonical, whoever) can't be trusted. Only issuers which operate their heuristics in locked-down environments can be trusted.
Also similar to SSL certs: they'll say "we'll always have captchas as a fallback"; "you don't need HTTPS, HTTP is always there". It's bullshit scrying from people who can't think more than one quarter ahead. In the case of SSL, its reasonable bullshit, there's strong arguments for it, it made deploying websites slightly harder but not insurmountably. PAT is another step beyond that, and I don't see a situation where this technology is both Useful and Open. I really hope we decide to sacrifice its usefulness; but the Powers That Be probably won't.