Debian as a server gets security updates, but the packages for desktop remain old, feature robbed and vulnerable. Default Web browser is passing on manifest v3 which enhances security. Linux isn’t going TPM2 (yet) which prevents rootkits, bootkits, keyloggers, and malware. Linux doesn’t enforce security updates. Anyone that thinks Linux doesn’t have frequent security problems hasn’t done a web search on the topic. All operating systems have issues, -Desktop Linux deliberately so.
It makes rather solid platform for your daily work. You have few select apps that receive frequent updates such as browser, but for the most part the system stays the same for the 2 years you sit on the latest stable version. You don’t get new problems really after sorting out the initial ones
I guess it makes sense, but I personally prefer the nixos approach where you can mix and match any stable and unstable packages (and not only gui apps like that with flatpak), or pin a particular unstable version of a package, or rollback to the previous known-working state. Using Debian on a desktop just feels like fighting against the model of the distro, and it’s not exactly what I personally want to to.
Honestly, distro choice is really just what you know
Then you can do whatever you want with it. I’ve been using debian for some years, and Ubuntu before that, so I’m confident on what I work with and that’s the biggest deal maker