What's the takeaway?

The takeaway is that most people don’t think this way. A large portion of online recommendations for auth in Nextjs recommends middlewares for it. Knowing this, you’d expect a faster response time from the people maintaining the framework and stand to lose the most.

The Vercel-like auth company Vercel's CEO invested in default recommends middleware for protecting routes:

https://clerk.com/docs/references/nextjs/clerk-middleware

You wouldn't get a user's info, but you'd get free reign to explore every page of a product