It objectively is since I never transmit the private key bits to the server. Passwords usually require the whole secret be blasted about the Internet (albeit encapsulated in TLS, usually).

Hint, the server won't be the hostile party stealing your keys here. Neither will be your ISP.

Why be obtuse? Are you talking about compromising the client machine? In which case, you’ve already lost all your keys, and you’re relying on their passphrases being set.

I'm saying private keys are not more secure by default. If your development machine is compromised (which is really easy to do, BTW) they'll steal your keys and probably will have root on your servers and access to your github accounts.

Stealing passwords is much harder in comparison.

As an attacker, maybe true depending on your target. As a user I have had my passwords compromised many times. My SSH keys never have and I don’t know of any prominent evidence this happens much at all. I have been doing reversing, netsec, and appsec for 15 years now, so my memory goes back a ways. Plus, for example, my main system a Linux desktop. You can and should password protect your SSH keys, which further eliminates a number of key compromise scenarios.