DNS providers who easily integrate with Let's Encrypt DNS validation

I hate that I 100% agree with you.

Namecheap was very bad on this a few years ago. I do not know if they have changed their system or not. Through a lot of trial and error, I was able to figure out that their DNS is populated via a read-through cache to their primary datastore, and the cache had something like a 300 second validity period. A failed DNS-01 challenge would get a record stuck in the cache for "300" seconds, and then into their nameservers for the 60 second TTL (or whatever). IIRC, the minimum safe window I found was waiting 362 seconds -- 61 seconds to time out the DNS cache, and 301 seconds to time out the backing datastore. For a large setup, this was unusable, so I migrated all those domains to an ACME-DNS instance.

Namecheap DID have a decent security-minded API though - you could create a secondary account and delegate DNS to that. I don't think it had much granularity back then, but I would not be surprised if that improved. They were one of the few registrars that allowed an API token to only handle DNS - and not give full control over all account functions, which was the status quo at the time. I actually used them for my own domains because of that feature alone, but then migrated to Cloudflare as acme-dns solved all my security and timeout needs.

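One way to avoid the fixed 362-second wait described above is to poll the authoritative nameservers for the challenge TXT record and only hand off to the ACME client once every one of them serves the new token and none still answers with a stale one (an added example, not code from the original post or from acme-dns). The `resolve(ns, name)` callback, the nameserver names and the tokens are assumed and constructed so that it runs offline; a real deployment would plug in a DNS client that queries each nameserver directly.

```python
import time

def check_once(name, token, nameservers, resolve):
    """Classify each nameserver as 'ok' (serves the expected token), 'stale'
    (answers only with other values, e.g. a token left over from a failed
    challenge) or 'missing'. resolve(ns, name) -> list of TXT strings is an
    assumed contract, injected so the logic can run offline."""
    status = {}
    for ns in nameservers:
        answers = resolve(ns, name)  # old values next to the new token are harmless
        status[ns] = "ok" if token in answers else ("stale" if answers else "missing")
    return status

def wait_for_propagation(name, token, nameservers, resolve, timeout=600,
                         interval=10, sleep=time.sleep, clock=time.monotonic):
    """Poll until every nameserver serves the token or the deadline passes;
    only on success should the ACME client be told to trigger the challenge."""
    deadline = clock() + timeout
    polls = 0
    while True:
        polls += 1
        status = check_once(name, token, nameservers, resolve)
        if all(s == "ok" for s in status.values()):
            return {"ok": True, "polls": polls, "status": status}
        if clock() >= deadline:
            return {"ok": False, "polls": polls, "status": status}
        sleep(interval)

def fake_clock():
    """Constructed clock/sleep pair so the scenario below runs instantly."""
    state = {"t": 0.0}
    def sleep(seconds):
        state["t"] += seconds
    return (lambda: state["t"]), sleep, state

def demo_lagging_nameserver():
    """Constructed scenario: ns1 is current, ns2 keeps answering with the token
    from a failed attempt until 20 s have passed, then catches up."""
    clock, sleep, state = fake_clock()
    def resolve(ns, name):
        if ns == "ns1.example.test" or state["t"] >= 20:
            return ["NEWTOKEN"]
        return ["OLDTOKEN"]
    return wait_for_propagation("_acme-challenge.example.test", "NEWTOKEN",
                                ["ns1.example.test", "ns2.example.test"],
                                resolve, sleep=sleep, clock=clock)
```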