[marcosdumay]

That entirely depends on your threat model.

If you are defending against somebody capturing your credit card number when you buy something online, replacing the OS is mainly done by the attacker.

If you are defending against a NSA-like agency flagging political discourse and discovering you and your friends, the most usual method for defending against those starts by replacing your OS.

[mikecb]

It might be more accurate, though confusing for lay readers, to explain that replacing the operating system can both increase--by keeping more up to date than official updates might allow--and decrease--by deactivating security features that also prevent rooting--your security, even for a single given threat model.