Note that the "just" is overlooking that it's more locked down than a typical Linux box, in that the OS filesystem is read-only and all app installs live in userland (though you can turn off the read-only behavior). For what it's worth I'm very much a fan of it as a default for a mass-market machine, but you'll run into weird gotchas if you want to do "programmer stuff" with it.
That's how a lot of modern Linux distros are because immensely better. Updates on an immutable OS are massively more reliable, it doesn't prompt you to merge diffs in config files, it never breaks, you never have to reinstall.
I've run Bazzite on my desktop for the last year and every update has just been hitting the "Apply" button in the settings page with my xbox controller. While on mutable distros it's always involved going in to the terminal and running a series of commands or opening the repo list and manually replacing the release name for Debian. I know there is a GUI software store to do it but it literally never works because some error will show up that isn't handled and you just get a generic error message.
"Locked down" is an incorrect way to look at it.
It follows a different philosophy. I've been using atomic systems for the past year or so as my main driver.
If you want to install something that needs superuser access, you do it inside a container. This protects your OS from breaking.
The number of times I've accidentally installed something which broke my window manager or compositor is now zero