Crypto is hard to get right. It's hard for the average person to know what ciphers or tools to use and which are just snake oil. It's hard to implement correctly so that it is secure. New ciphers are written by people who have a lot of experience in breaking the old ones. As the old guard ages out, I don't see the same depth of interest in the next generation. With crypto, there's no quick fix, and the new hotness doesn't come overnight.
Crypto is easy. Ciphers are easy. Here's a key; you can use it to sign and verify messages, open and seal envelopes.
Using crypto is hard. People lose keys, forget passwords, don't transmit keys in a secure way, don't store keys in a secure way. Then there's revoking keys, checking for revocation, using third-party services like webmail, and so on. Strong crypto is like losing your house key and being told that sucks, but since it's an impenetrable bunker with an unpickable lock, there's nothing you can do but start from scratch.
People want recovery options. If my house burns down to the ground and I escape with no passport, no driver's license, no identification of any kind, the government will get me a new one. Work will find a way to get me a new access badge and key fob. That's why all those ways to recover your account exist. They're not necessary per se, and you don't have to answer the security questions seriously. But when you have fucked up big and the answer is just gibberish, you're pretty screwed. That's why people answer those with actual facts.