no verified boot, no full system MAC policies, and if you think "well Flatpaks have sandboxing so I'm good if I just use Flatpaks!", then you aren't. Flatpak tries to implement sandboxing but then allows and trusts all applications to set their own sandboxing policies, meaning any application security or sandboxing is entirely optional and the burden of the program developer(s) to set.
I could go on but I think you get it. I use Linux everyday, I think its great, but it is not secure.

(2/2)