Yes, if you use passkey to encrypt user data - which is clearly a bad idea because passkeys are not designed for that.

Obviously passkeys do not bind a user to a specific device in any other context.