Maybe they're using xdg-dirs? That might work, won't it?

Yah, I read it afterwards and realized I'd verbed a noun. I'm not proud of it.

Many of the projects are backend dev tools, like the Atlas provider linked in the thread.

No. Feel free to download shit and even attempt to run shit. Chances are they won't run because shits are compiled against glibc and my system is not.

Hahaha. Was about to comment nearly the same thing. My NFS share has a different mount. ~/Documents is an empty directory

I was going to say that too, ha!

Average arch user

Me neither, I nuke the default freedesktop folders on an install because they clutter up my home folder. But I'd imagine we're the exception.

Uhhhhh, there's plenty of that being used. From the ground up. Security scanning out the wazzzz. Those are pattern-based scanners though, and this probably wouldn't be detected because it's a blob of binary junk with a script inside. GitHub should honestly put something on their storage backends to warn users, but that's a whole ball of wax people probably don't want to get into.

It depends on the environment. I've been in a couple of places which use Linux for various professional purposes. At one site, all systems with a network connection were required to have A/V, on-access scanning and regular system scans. So, even the Linux systems had a full A/V agent and we were in the process of rolling out EDR to all Linux based hosts when I left. That was a site where security tended to be prioritized, though much of it was also "checkbox security". At another site, A/V didn't really exist on Linux systems and they were basically black boxes on the network, with zero security oversight. Last I heard, that was finally starting to change and Linux hosts were getting the full A/V and EDR treatment. Though, that's always a long process. I also see a similar level of complacency in "the cloud". Devs spin random shit up, give it a public IP, set the VPS to a default allow and act like it's somehow secure because, "it's in the cloud". Some of that will be Linux based. And in six months to a year, it's woefully out of date, probably running software with known vulnerabilities, fully exposed to the internet and the dev who spun it up may or may not be with the company anymore. Also, since they were "agile", the documentation for the system is filed under "lol, wut?"

Overall, I think Linux systems are a mixed bag. For a long time, they just weren't targeted with normal malware. And this led to a lot of complacency. Most sites I have been at have had a few Linux systems kicking about; but, because they were "one off" systems and from a certain sense of invulnerability they were poorly updated and often lacked a secure baseline configuration. The whole "Linux doesn't get malware" mantra was used to avoid security scrutiny. At the same time, Linux system do tend to default to a more secure configuration. You're not going to get a BlueKeep type vulnerability from a default config. Still, it's not hard for someone who doesn't know any better to end up with a vulnerable system. And things like ransomware, password stealers, RATs or other basic attacks often run just fine in a user context. It's only when the attacker needs to get root that things get harder.

In a way, I'd actually appreciate a wide scale, well publicized ransomware attack on Linux systems. First off, it would show that Linux is finally big enough for attackers to care about. Second, it would provide concrete proof as to why Linux systems should be given as much attention and centrally managed/secured in the Enterprise. I know everyone hates dealing with IT for provisioning systems, and the security software sucks balls; but, given the constant barrage of attacks, those sorts of things really are needed.