The variant DJB suggests there are explicit risks. For example
1. both ECC and ML-KEM can be broken (obviously)
2. additional code complexity could increase the LoC of teh crypto implementation, making it more plausible there are implementation bugs
regardless, this is a red herring. Nearly all cryptographers still support hybrids!!! The current RFC is *not* about "use pure ML-KEM". It is instead about "if you're going to use pure ML-kem (and we explicitly recommend not doing so), here is how to do it in a standardized way".
The people arguing about this decision don't even know what the decision being made is in the first place.