I had to go back through the code - it looks like registration isn’t supported by magic link, although I imagine it would be pretty easy to add it. Feel free to open a feature request issue on the repo, or better yet a PR.
I’ve had a look at the Ash Authentication repo and compared the password strategy with the magic links. I can see how it should work so I might give it a go if I get some time.
I definitely see this as a risk but it could be handled by messaging in the email or on the registration view like “Your magic link will log you in on the device you open it with, don’t share this with anyone”.
I haven’t seen any more sophisticated solutions to this in the wild but I’d be interested if you have