See TFA for a subset of the problems. Security should be designed so that it's easy to do it right and hard to do it wrong, but JWT offers many opportunities to do it wrong. Maybe you can figure it out with enough reading of TFA and other articles online, but there's no reason to take a risk on such a shoddy security standard in the first place.
> ... full of footguns that it was unacceptable for a security-critical component.
What it not secure about it?