Microsoft recommends against opening rdp to the web

As far as a few google searches got me: No, they don't.

Those vulnerabilites come from humans clicking on files they're not supposed to click on. NO way of communication is secure against that. Not even the magic of Tailscale. RDP offers 2FA and has an encrypted connection. It's fine!

What do you mean by "clearly". Open RDP without password protection?

I often use RDP to access my desktop Windows 10.