The problem is, we haven't really created a safer world. We created an illusion of safety by taking away agency.
We might be safer in terms of vulnerabilities, root exploits, RCEs, etc. but the internet is still full of malware, scams are still just as rampant. Vigilance is still very much required, but is no longer taught.
Look at all the malware available on the Play Store. The curation does nothing but create an illusion of safety.
It’s absolutely safer browsing the internet now than it was when I was a kid. Getting a virus or equivalent on your phone is no small feat
It happens all the time, and its as easy as sending a phone a text, or a packet, or escaping a sandbox, but you'll rarely be aware of it when you're infected because unlike the old days where malware would fill your screen with ads or something today they just silently collect your data or use your internet connection for careful port scans or DDoS attacks. NSO Group spyware (or similar) could be on your phone right now.
Hell, cellphones these days ship with spyware pre-installed. Samsung being the one of the worst for filling their phones with their own apps which spy on you constantly.
No nation state actor is going to waste a 0day on a random nobody. Even the recent Notepad++ exploit was only used against specific political targets. Any actor smart enough to be able to have an arsenal of 0days at their disposal is also smart enough to use them only where they are worthwhile because they will only get to do it once.
Believing you are more under threat from sophisticated government hackers rather than unsecured IOT devices, unvetted npm packages or hijacked download links is just LARPing for people who want to sound more important than they actually are IMO.
We've seen examples of phones being hacked which belonged to journalists, producers, editors, activists, staffers at NGOs, lawyers, security researchers, doctors, CEOs, HNWIs, government workers, and even their families and friends. You can bet there are people here on this site which would easily be considered valuable enough targets and because the people those targets associate with are also being hacked you can bet that there are lot of "random nobodies" caught up in it. It's also not just governments using attacks on cell phones, those just tend to be the most dangerous.
Is it that much different? In the past if you downloaded the wrong file, you could get ads opening constantly, a new toolbar taking over your browser, data scraped and sent off to a mystery server, or have some process maximise your compute.
This accounted for most of the risks on the wild west internet, but the worst case scenario of permanently losing data or having to reinstall Windows was actually rarer than it was made out to be imho.
These days the common risks are the same, except they're no longer risks - all of those have been built into the fabric of everyday internet usage and criminals have been replaced by businesses. It's like the cliche about Vegas being better when it was run by the mob.
The late 90s internet was filled with predators, skeeziness, and viruses that would break your computer and require a reformatting.
That stuff is still there if you look for it, but it's not on your social media feeds or in any of the apps provided through app stores.