I think you’re missing the context. We’re not talking servers here but desktops. Arch is typically used on desktop systems. The threats that face desktops and servers are not the same. Same goes for risk and potential damage. Also please provide a source if you’re trying to debunk “common misconception”.