The person you replied to is right; the "security" of Linux might as well be nonexistent compared to macOS and especially iOS/Android. Even the developers of Secureblue (https://secureblue.dev/) state that despite their hardening and mitigations Linux still lags far behind macOS (and possibly Windows) security-wise. The only Linux derivative that has proper security is Android, and even better GrapheneOS.
OK. Here is a kernel developer explaining it recently on this site:
https://news.ycombinator.com/item?id=48448345
// When people escalate privileges on MacOS it's news, when they do it on Linux it's Tuesday (you might think the recent spate of privesc vulns on Linux was unusual but that is totally normal). I say this as someone who works on Linux security every day (I am a kernel developer) and uses Linux on every computer I have, both at work and at home, BTW. I am not a Linux hater or Apple fanboy by any means.
Linux is easier to misconfigure. Macs resist being misconfigured insecurely. At their tightest, I'd say neither is fundamentally more insecure than the other. (The exception would be M5-based Macs, which come with MIE. Though that isn't a macOS vs Linux thing per se.)
This is incorrect; macOS is fundamentally more secure than desktop Linux operating systems and it isn't particularly close.
No amount of Linux hardening will get a system even close to an M-chip Mac. Software insecurities aside, desktop Linux OS systems have almost none of the hardware-backed security benefits that Macs do.
At some point, lack of security becomes a feature. A fully secure, locked-down, T2 attested macOS is able to be controlled not just by Apple, but by increasingly evil governments, with no recourse available to users.
Conversely, a Linux system with no verified boot can be easily tampered with without the user detecting it by people lower than the government, such as casual hackers. So in a world where your government is going crazy, you're opting for an operating system that can be penetrated with relative ease (e.g. with persistent root malware) both by a non-government hacker on top of a state-backed one.