
It's funny how this article is really biased by the more recent perspective on things, like how Flash is bad and running around with root was a terrible thing. It likely is today and was unsafe then, but those were simpler days before Linux mindshare even existed enough for people to make exploits for it.

meta note: the article is actually not from 2003, but is from 2018. The title itself is "Lindows 4.0 (2003)", not sure if adding a (2018) to the end would confuse things.




Linux actually always had the security architecture with normal users not having root privileges, so giving the default user root privileges would have been frowned upon even back in 2003. However, Windows did it (until Windows Vista), so Lindows apparently felt obliged to follow suit...


In practice, is running as root really that bad for a single-user personal computer? Most of your data is already accessible by your user account - root wouldn't actually give you much more. Not to mention, even if you do use separate accounts or "sudo", 99% of non-tech-savvy users will happily type their password in any dialog that looks like the official "sudo" dialog, so non-root malware can elevate its privileges that way anyway.


There's an xkcd for everything. https://xkcd.com/1200/


Because encrypting the disk and using two separate accounts is too difficult...

One for leisure, another one for serious stuff.


This means that 1) you need to guard against privilege escalation exploits and 2) you need to make sure that your logout/login screen actually happens on the OS's login screen and not malware that opens a fullscreen window mimicking it (Windows has the Secure Attention Key/sequence for this, I don't think Linux has any of that).

It's not just about whether doing the secure thing is difficult; it's whether doing the other things needed to defend against that risk is difficult. If you don't do those too, then it's still worthless and you're merely inconveniencing yourself for no reason, because any attacks would use the methods of the first paragraph to work around your use of multiple accounts.


Well, I find that unnecessary. If you set up OpenBSD disk encryption with bioctl, no one will tamper with your data while the machine is turned off. As for exploits, that is very difficult to do; pledge, unveil and the OpenBSD mitigations work.

And the login manager is usually XenoDM (forked from XDM), GDM or whatever X.org-based DE manager the user has installed, and that's impossible to tamper with using user permissions.

On potential malware, well, first you need to run it, and yes, any software could dump keyboard and mouse input under your account by design, but for sysadmins, XTerm has a secure keyboard input mode where the keyboard and mouse are bound to that XTerm window and you can't do anything else except type in that XTerm, because the input is locked to that window. Nothing can sniff from that terminal emulator window; the channel is locked.

The only thing you can do is switch to a VT with Ctrl-Alt-[F1-F7], but forget doing anything in the window manager. You can input to the XTerm and select text with the mouse and no more.


Linux has a secure attention key, but it only works in the standard console mode, not X or Wayland. https://www.kernel.org/doc/html/latest/security/sak.html
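As an added example (not part of the thread above, and not from the kernel documentation it links), here is a small POSIX shell script that checks whether the Linux SAK (Alt+SysRq+K) is actually allowed on a given machine. The kernel exposes this through the sysrq bitmask in /proc/sys/kernel/sysrq: 0 disables everything, 1 enables everything, and otherwise bit value 4 is the "keyboard control (SAK, unraw)" class. The distribution default values used in the usage note are assumptions about what those distributions have shipped, not facts taken from the page.

```shell
#!/bin/sh
# Decode the kernel.sysrq bitmask and report whether SAK is permitted.
# Bit values follow Documentation/admin-guide/sysrq.rst:
#   2   console logging level      4   keyboard control (SAK, unraw)
#   8   debugging dumps            16  sync
#   32  remount read-only          64  signalling processes
#   128 reboot/poweroff            256 nice all RT tasks

# sak_enabled MASK: prints "yes" or "no"; exit status 0 iff SAK is allowed.
sak_enabled() {
  mask="$1"
  case "$mask" in
    0) echo no;  return 1 ;;   # sysrq completely disabled
    1) echo yes; return 0 ;;   # magic value: every class enabled
  esac
  if [ $((mask & 4)) -ne 0 ]; then
    echo yes; return 0
  fi
  echo no; return 1
}

# sysrq_decode MASK: prints the enabled classes, one per line, in bit order.
sysrq_decode() {
  mask="$1"
  if [ "$mask" -eq 0 ]; then echo "disabled"; return 0; fi
  if [ "$mask" -eq 1 ]; then mask=510; fi   # 2+4+...+256: all classes
  [ $((mask & 2))   -ne 0 ] && echo "loglevel"
  [ $((mask & 4))   -ne 0 ] && echo "keyboard (SAK, unraw)"
  [ $((mask & 8))   -ne 0 ] && echo "debug dumps"
  [ $((mask & 16))  -ne 0 ] && echo "sync"
  [ $((mask & 32))  -ne 0 ] && echo "remount read-only"
  [ $((mask & 64))  -ne 0 ] && echo "signal processes"
  [ $((mask & 128)) -ne 0 ] && echo "reboot/poweroff"
  [ $((mask & 256)) -ne 0 ] && echo "nice RT tasks"
  return 0
}

# sak_enable_cmd MASK: prints the sysctl command that adds SAK to MASK
# without dropping any class that is already enabled.
sak_enable_cmd() {
  mask="$1"
  if [ "$mask" -eq 1 ]; then echo "# SAK already enabled (kernel.sysrq=1)"; return 0; fi
  echo "sysctl -w kernel.sysrq=$((mask | 4))"
}

# Live check of the running kernel; only runs when invoked with --check so the
# function definitions above can be sourced or tested without touching /proc.
if [ "${1:-}" = "--check" ]; then
  if [ -r /proc/sys/kernel/sysrq ]; then
    cur=$(cat /proc/sys/kernel/sysrq)
    echo "kernel.sysrq=$cur"
    echo "SAK allowed: $(sak_enabled "$cur")"
    echo "Enabled classes:"; sysrq_decode "$cur"
    sak_enabled "$cur" >/dev/null || sak_enable_cmd "$cur"
  else
    echo "/proc/sys/kernel/sysrq not readable; not a Linux host?" >&2
    exit 2
  fi
fi
```

Run it as `sh sak_check.sh --check`. Even where SAK is enabled, the point made in the comment still stands: it only clears the current virtual console, so it does nothing against a fake login dialog drawn by an X or Wayland client. Ubuntu's /etc/sysctl.d/10-magic-sysrq.conf has set kernel.sysrq=176 (sync, remount, reboot: SAK off), while Debian kernels have been built with a default of 438 (SAK on); treat both numbers as assumptions to verify on your own systems rather than as facts from this page.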




