
MeshVPN over WireGuard server

TL;DR: Why choose MeshVPN over a WireGuard server?

Hey folks, just curious, can anyone explain why you'd pick Tailscale/Netbird/etc. over a standard WireGuard server on your router or on your network in a homelab setup?

From what I gather, using something like Tailscale means a third party (the coordinator) holds the "keys to your kingdom." I get that connections are direct and client-to-client, but the coordinator still approves them. Doesn't that kind of defeat the purpose of self-hosting? Someone at Tailscale could theoretically grant access, right?

I know people might say you don't need to punch a hole in your firewall with Tailscale. But as far as I understand, a WireGuard port (which can be any port) only responds when it gets its certificate. Otherwise, it's seen as a closed port.

With something like Netbird, you still need to open ports for the client to connect to the coordinator server, which could be a VPS or something, but still holds the keys to your kingdom.

Everyone says Tailscale/Netbird/etc. are more secure and better. The only clear advantage I see is using MFA with them. So, what's the deal? Why do you guys prefer these over a plain WireGuard setup?

submitted by /u/SMAW04