Hi @robt1019,
Welcome to the Auth0 Community and thanks for reading the blog post.
Regarding your question, your concerns are legitimate.
OAuth2 best practices suggest using the Authorization Code with PKCE flow when using an external browser. However, for desktop applications (like Electron ones), there are a few issues in using the system browser, mostly related to the user experience.
To learn more about this, please read the following thread and/or watch this video.