I'd argue the sandboxing you get from xdg desktop portals in applications installed from Flatpak and Snap is a lot better than windows giving full system access to an application when it asks. Keeping a program's access domain specific is a lot better security than Mac OS or Windows. Not to mention the security improvements from Wayland paired with Pipewire preventing applications access to things like the desktop, clipboard, and audio without explicit permission. And I haven't even mentioned SELinux yet. In an office setting you could certainly lock down a system pretty easily and prevent things like fishing attacks and even spear fishing. Windows and Mac OS are inherently security through obscurity because they are proprietary and rely on hackers to not know quite how they work, but Linux is resilient because it has more eyes on it and because distributions can modify the kernel specifically for added security like with the SELinux patches.
Honestly, I'll give credit to Apple for pushing forward JXL on webkit and pushing back against Chromium team's dominance and Mozilla team's apathetic stance in the browser space. While I appreciate Mozilla's stance on Manifest V3 and several other issues, I can't help but hope for more development from the Servo project.