What's your threat model? Is it more secure that you as a user can execute root code? Or that your phone manufacturer can without asking for your permission?
Modern smartphones are basically spyware distros. I would argue it's far more secure to run a decent distro (Lineage/Replicant) with root, than it is to run any SamWeiMi crapware without root. Oh yes, the manufacturer's crapware has system privileges whether you ask for it or not, and so does Google Play Services, Google's universal backdoor for Android.
On paper, no root is better. In practice, even on a crap distro, rooting it will enable you to remove most crapware to reduce attack surface.
Also related: if you're concerned about security, you should probably only use applications from F-Droid.org repos. Google Play Store (and others) are just full of spyware! See also the Exodus Privacy project tracking trackers via static analysis of APKs.
Even with a custom ROM that includes no google anything whatsoever, you still should not have root... that's what I mean. Just like how you should always use Secure Boot (but LineageOS requires you leave it off).
Modern smartphones are basically spyware distros. I would argue it's far more secure to run a decent distro (Lineage/Replicant) with root, than it is to run any SamWeiMi crapware without root. Oh yes, the manufacturer's crapware has system privileges whether you ask for it or not, and so does Google Play Services, Google's universal backdoor for Android.
On paper, no root is better. In practice, even on a crap distro, rooting it will enable you to remove most crapware to reduce attack surface.
Also related: if you're concerned about security, you should probably only use applications from F-Droid.org repos. Google Play Store (and others) are just full of spyware! See also the Exodus Privacy project tracking trackers via static analysis of APKs.