https://lapcatsoftware.com/articles/2024/10/4.html
TL;DR of that blog post is that when you have iCloud enabled but not iCloud Keychain, updating from Ventura to Sonoma causes iCloud Keychain to be silently enabled. (I don’t know yet whether that still occurs when updating from Sonoma to Sequoia.) What I didn’t realize at the time, indeed didn’t realize until now, is that iCloud Keychain already uploaded all of my passwords and kept them in iCloud even after I disabled iCloud Keychain.
At least it’s E2EE.
But yeah, this type of bs wouldn’t happen on Linux.
Also, they were saving passwords in the built-in password manager already, which is how there were passwords to even be uploaded in the first place. People really just find the weirdest, inconsequential stuff to dunk on Apple rather than focusing on actual issues 
so I should be fine with icloud keychain disabled on ventura?
You’re fine either way because of E2EE.
The issue here is consent and trust, which Apple seems to not give a fuck about.
the Apple icloud mail’s password locks this?
Your Apple ID password.
Note that this is a bug in the beta, not intended behavior. That’s why you shouldn’t use it
https://xcancel.com/mysk_co/status/1835948296038183127