@hex00fshield This terrible security is the case for most ROMs.
LineageOS:
It destroys verified boot, weakens SE Linux policies, uses userdebug builds adding immense amounts of unnecessary attack surface, no firmware updates, no rollback protection, and more.
Replicant:
All of Lineage's problems plus all of the devices it supports are too old to get *real* security updates.
OmniROM, /e/, Paranoid android, etc. They're all more or less the same. Stock doesn't have any of these problems.