As discussed on this thread:
.. there is no existing downgrade protection on the client that could prevent a compromised server from forcing the client down to simple password auth and thereby stealing the long-term credentials.
This defeats one of the stated goals:
"With the goal that not the traffic sniffing, not the mysql.user table, not both together, not even a fully compromised server would be able to recover the password"
A compromised server can downgrade the auth to simple password and thereby recover it on next client authentication.