Having comprehensive unicode language coverage on a free OS is amazing. I wish the font system was smart enough to hide Noto variants in creative apps but leave them available for browsers. There is a workaround to do that but its a huge pain. I wouldn't delete any files managed by the package system. They will just keep coming back anyway. There are smaller collections of noto fonts in AUR that will satisfy the noto-fonts dependency which should keep KDE Plasma happy. They should be a straight swap if you are comfortable with an AUR dependency for a functioning desktop. The newer one is noto-fonts-main updated this year or there is an older noto-fonts-lite. Not tried either. Usual stuff about backups and taking advice from strangers on the internet.
Segoe might benefit more from the embedded bitmap or autohint settings than the regular open source fonts I am likely to use. Microsoft would optimise the hell out of it to take advantage of their proprietary, patented font rendering system. I wouldn't be surprised if it rendered poorly with distro defaults. Its the kind of blind spot a lot of open source devs and packagers could easily have. Its probably packed full of embedded bitmaps for small sizes and proprietary hinting stuff that linux won't understand.
There is no simple answer. Its is almost entirely dependent on implementation. All systems are vulnerable to things like supply chain attacks. We put a lot of trust in phone vendors, telcos and Google.
If you are going to compare to something like termux you need to compare with an equivalent sandboxed environment on regular linux, like a docker/podman container with appropriate permissions. As far as I know they use the same linux kernel features like cgroups and namespaces under the hood.
Traditionally Linux desktop apps run with the full permissions of the user and the X window system lets apps spy on each other which is less secure than Android sandboxing by design. There have been attempts to do better (eg flatpak/flatseal, wayland) but they are optional.