They're not _that_ expensive (usually $500-$1k/mo) and I wouldn't really characterize the vetting as "thorough".
Don't get me wrong, carriers have been making strides to lower the amount of spam that's sent through the air (A2P requirements, toll-free number verification requirements, etc), but a determined scammer can still exploit SMS/MMS pretty easily.
I've provisioned several shortcodes. There's a 12-week approval process (every carrier has to independently review & approve) and if you get flagged/reported for spam they will come after you for it. IMO this makes it prohibitively difficult & time-consuming for a bad actor to use effectively.
I think the processes are getting better each day, but it was only a couple of years ago that you could share a shortcode. My main point is that even with all of the safeguards it's still a ridiculously easy system to exploit.
Most people will trust a toll-free number just as much as a shortcode, and since tons of legitimate companies use toll-free numbers for messaging it just blurs the line of what a "reputable" number looks like.
Even SendGrid, which is owned by Twilio, uses toll-free numbers for their 2FA messages instead of shortcodes.
It also makes it difficult and time-consuming for a good actor to use effectively.
As far as I could tell (although I retired in 2019, so might be out of date), you can't use one short code through multiple aggregators, so if you want the benefits of multiple routes, you've got to have multiple shortcodes or live with sending from regular phone numbers.
Don't get me wrong, carriers have been making strides to lower the amount of spam that's sent through the air (A2P requirements, toll-free number verification requirements, etc), but a determined scammer can still exploit SMS/MMS pretty easily.