You overstate the situation with one time pads: they eliminate the decryption issue by shifting it entirely to key distribution.
As for "real-world crypto", they've certainly been used in the 20th century and the continued existence of number stations as mentioned on HN in the last couple of days suggests that such simple systems might still be in use. It's hard to get more simple than a booklet of TRNG data printed on flash paper and a shortwave receiver.
Instead of annoying everyone by arguing definitions for the rest of the day, let's just stipulate that we're talking about "crypto done by computers using products that you can actually buy and conceivably deploy in a commercial setting".
Unless you have a physically secure channel to distribute keys (in which case, why bother with OTPs), the fact that OTPs move the security model entirely to "key distribution" is an academic point. Any online key distribution system you'd come up with for your OTP is (a) going to become the fulcrum of your entire system, and (b) by nature of feeding an OTP, going to permit a far more restricted set of designs than any key distribution system for a "conventional" protocol.
The reality is, OTPs are entirely unsuitable for commercial information security. That's a strong claim, but not a slippery one, and I'm willing to back it up.
The arguments around OTPs are surprisingly isomorphic to the arguments around Javascript crypto.
I agree with your strong claim, with the single exception of "TRNG data that you can physically hide (i.e. in a PCIe card) may be a useful source of keys or entropy". Which was the sort of thing I was using it for in 1996.
As for your last point, I'd personally substitute "intuitively obvious" for "surprisingly", but I will admit I've been playing this game on and off for a long time
Perhaps for the same reason I run NoScript ( 1/2 :-) ?
OPTs obviously devolve to the key distribution problem.
The environment of client side Javascript is obviously to me a superset of the key distribution problem. After all, you start out by distributing your code to the (insert your favorite derogatives here) client.
Simson Garfinkel likes to refer to the whole https game as something like transferring a valuable from a cardboard box in an alley via an armored car to a park bench. I'd end with the end of a Matt Groening Love is Hell quote: "At night, the ice weasels come."
As for "real-world crypto", they've certainly been used in the 20th century and the continued existence of number stations as mentioned on HN in the last couple of days suggests that such simple systems might still be in use. It's hard to get more simple than a booklet of TRNG data printed on flash paper and a shortwave receiver.