> On Linux, yes you can spend months modifying Flatpaks, or writing SELinux rules or apparmor profiles but nobody does that.

For what it's worth, RHEL and to some degree Fedora do give you those SELinux rules for most of their packages. That OOB for anything you would install with rpm.

> it is only a matter of time that malware that steal secrets from home directory to arrive to Linux too.

No need to wait? Most of the malware distributed over npm/pypi has supported Linux and sometimes MacOS for a long time.