First, it's important to recognize that the following statement by Apple is basically a disclaimer should you get locked out of your account.
"If you lose all of your trusted devices and security keys, you could be locked out of your account permanently."
Can it happen? Yes, the possibility is real. Is it likely to happen? Not likely.
Not all services utilize security keys so you'll still need the alternate methods of 2FA (two factor authentication).
As for getting your account locked, there are several steps here to help mitigate that:
- Multiple keys. When you have a hardware token like the Yubikey or RSASecureID, you want to have a second one that is ideally in a secure, off-site location. Should you lose one, there's always the second to get you back into your account
- Trusted devices. Like having a second (backup) hardware token, having multiple trusted devices allows you flexibility should you have a device lost or stolen. Similarly, it advisable to have a trusted device you don't always take (a second iPad for home use) with you like your iPhone and primary iPad.
- Finally, there is Account Recovery. This is a manual process by Apple to validate your identity and get your access into your account restored.
The hardware tokens (security keys) provide a much higher level of security than the already strong 2FA. However, higher security means an increased chance of locking yourself out of the account. That said, taking some simple precautions detailed above should mitigate that risk.