[vladvasiliu]

The potential issue I see on Linux is the spread of third party distribution channels, like npm / pip / etc, which also tend to undergo much less scrutiny than official packages.

Sure, if someone gets root on my Linux PC, they could do a lot of damage. But my most important things are parked in my home folder, which any old script running as my user can access without any problem. No need for privilege escalation or other fancy things.

AppArmor and SELinux can probably mitigate this, but I don't think they see particular widespread use in "default deny" mode.