These things, like user accounts, more auth methods, flexible endpoints, IP pools, ..., should be integrated in a product in a secure manner. What wireguard does is the irresponsible lazy approach of leaving everything up to the VPN providers and webinterface-monkeys. Who will surely mess up a lot of the upper layers that provide all the necessary "comfort" features. After which the wireguard crowd will wash their hands with the Jobsian "you are holding it wrong".