Open firmware is but one part of the equation. The evolutionary pressure of state actors trying to deploy malware on iOS and Android forces those platforms to develop vulnerability mitigations and security architectures that currently just are not matched by anything in FOSS. Desktop linux is woefully insecure compared to these platforms. I don't want it to be, but it seems that, unless you are ready to use Qubes, no one has the time and effort to further the security of desktop linux in any meaningful way.