carrier authentication is huge! do you want someone to be able to subscribe to a network with your phone number? receive your calls? texts? or call or text as if they are you? yes the sim has little relevance to device security for most smartphones. contacts on sim are a great example of supporting legacy features for BC only. but the network is still very important to secure.

sims are used for more than just phones. the chip on your credit card is a Secure Element. the chip in your passport is too. these are some of the most physically and technically secure pieces of hardware ever made

Carrier authentication is not huge. The vast majority of communications services today are secure without a SIM, even ones that are tied to your number. Ever notice that iMessage keeps working without a SIM? The SIM card is mostly a relic that is useful to the carrier oligopoly because it increases network switching friction.

If someone is able to authenticate as your phone number, they can set up iMessage and receive a copy of your future messages.

Wouldn't they need to at least need to log in with your iCloud credentials?

nope iMessage does not require iCloud

This is wrong. iMessage uses your Apple ID and is definitely iCloud based. That's how it can tell the state of messages from device to device.

you wouldn't be able to authenticate on the data network without a sim. unless you exclusively use wifi the carrier network is still a huge part of everyone daily phone use

The onboard crypto is still used to secure voice calls.

Why not use the same secure element as Apple is using for Apple Pay for this?

Because the SIM is universal, its designed to be architecture independent, the SIM is also open, when the secure element that apple is using for apple pay is not.