Exfiltrating an admin token is a big "if"; you shouldn't issue admin tokens at all, and GitHub does (at least for me) pop a proper MFA challenge when attempting to issue one.

(I wrote that Astral post.)

Edit: separately, I'll note that the risk of long-lived, highly privileged credentials is the primary motivating reason for Trusted Publishing: a developer's machine has (by necessity) a much higher degree of access than an ephemeral runner does, making it a much juicier target for an attacker. It also runs all kinds of stuff in a mostly unsandboxed manner, making it easier (in principle) to exploit. That's not to say there shouldn't be additional guards on publishing, but that I'm not remotely convinced that local publishing is any better by default.