1. Not in the case of Apple, since you get a unique key that's only usable for your service.
2. Did anyone say something about "only" here that I missed? I just want it added.
Everything else you wrote seems based on a significant misinterpretation of what I suggested. Maybe... ask a question next time?
So, question: is AppleID based on OAuth? And yeah, I'm underinformed on these, though I'll stand by at least some of my concerns applying.
Amongst the problems of adding a megacorp's identification protocols is that those have a strong tendency to embrace, extend, and extinguish (<https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...>). See what's happened to email, RCS messaging, and for that matter, online and social services themselves.
Again, the federated Mastodon poses a far lesser risk of this, though if that project were to be compromised it could go pear-shaped.