Isn’t public key pinning unsafe?

Since we can use openssl x509 -force_pubkey to generate certificates with the target public key without owning the corresponding private key, isn’t public key pinning fundamentally broken?