The higher the percentage of Linux usage the more likely it is that these cases will occur. Most people use Arch because of the aur repository without reading the Pkgbuilds and installing random programs from that repository that give root access to the system. Aur is a security hole in Arch and should only be used for trusted sources and programs that are widely used by the community and yet it is still a security hole for a system. When analysing this issue years ago I understood that it is better for me to have a system with a strong security configuration done by experts in the field. For me a distribution has to have these basic security tools to be considered a secure distribution: secure-boot, selinux and firewall. And along with these tools, do not install anything from external repositories. Only by fulfilling these requirements can we consider that we have a security-enforced linux distribution.
I also use openSUSE Tumbleweed for the same reasons as you. In my case I also like the security configuration that openSUSE has (SELinux+Firewalld) and its snapshot restore tool in case of failure (snapper). I think openSUSE is one of the distributions that enforces security the most as soon as you install the system and to maintain that security I try to install only the software I need and I try not to add external repositories. I would like to try Aeon because I think it is a more security-focused distro but I still need to dual-boot with Windows to connect to my work and Aeon doesn’t allow this. In short, I use Tumbleweed as it comes out of the box and just add the packman repository. Many people think that Linux is free of malware and viruses and install many programs from aur, obs, external repositories,… without thinking that they are giving root access to code of dubious origin.