-
Not all distros ship SELinux and the ones that do, don’t actually configure it securely.
-
New users are expected to keep copying and pasting commands from their browsers to their terminal which compromises some Linux security defenses.
-
KDE, GNOME and Sway are the only functional Desktop Environments/Window Managers that support Wayland all, while the Other DEs are not even close to shipping with Wayland.
-
Most if not all of the Linux Distros in 2025 ship with Grub bootloader, which suffers from a lot of problems, instead of using the bootloaders that does not support BIOS and will improve the reliability of booting and provide a more stable experience.
The attack is known as the evil maid attack. It requires repeated access to the device. Basically if you can compromise the bootloader you can inject a keylogger to sniff out the encryption key the next time someone unlocks the device. This is what secure boot is meant to help protect against (though I believe that has also been compromised as well).
But realistically very few people need to worry about that type of attack. Encryption is good enough for most people. And if you don’t have your system encrypted then it does not matter what bootloader you use as anyone can boot any live usb to read your data.