MDM is the worst part of iOS. It undermines all of apple’s security claims, basically making iOS windows. Devices should not be able to be remotely controlled.
MDM is designed for corporate owned phone environments where there's a great many good reasons to lock down a phone. If you're handing out company owned phones to employees you want the ability to remotely lock/wipe, install and remove apps, set a number of restrictions. If people want to do anything else they are completely welcome to do it on their own personally owned property.
For instance I have recently seen a very successful Apple MDM deployment in a school environment where the teachers and staff have access to a great depth and breadth of PII of a thousand children under age 16. You don't want all those phones to become a free-for-all of people doing whatever they want.
MDM enables enterprises to control how the phones they own behave. If anything it makes it more secure, if an enterprise were to only allow allowlisted apps to run on it.
The only issue is BYOD via MDM (when it's not via "Work Profile"), which is somewhat scary from a user perspective, especially from how hard it is to tell what permissions they might be able to spring on you at any time.
It can be done all locally. How can an optional feature that's not even easy to use be the worst part of iOS?
Nonsense. MDM is usually for devices owned by the company or opt in by you personally. There is no way to attack or transparently MDM a personal phone that I know of.