We disabled it on matrix.org because it was being used for 2FA SMS fraud, costing us $$$K, and we didn't want to burn time building an anti-fraud system. Getting access to everyone's phonebooks is also a privacy risk (even if you do fancy stuff with SGX like Signal does).

Meanwhile, government deployments typically have LDAP or similar to discover users - and so it hasn't come up as a big requirement for the folks generating $. It's on the radar though as one of the main blockers for mainstream uptake... but right now we're trying to keep the lights on first before focusing on accelerating mainstream uptake.