The higher the percentage of Linux usage the more likely it is that these cases will occur. Most people use Arch because of the aur repository without reading the Pkgbuilds and installing random programs from that repository that give root access to the system. Aur is a security hole in Arch and should only be used for trusted sources and programs that are widely used by the community and yet it is still a security hole for a system. When analysing this issue years ago I understood that it is better for me to have a system with a strong security configuration done by experts in the field. For me a distribution has to have these basic security tools to be considered a secure distribution: secure-boot, selinux and firewall. And along with these tools, do not install anything from external repositories. Only by fulfilling these requirements can we consider that we have a security-enforced linux distribution.
Aur is probably the main reason why many people use Arch and derivatives. However, many users are unaware that aur is not an official Arch repository and that, as you say, you are the one who has to monitor the pkgbuilds of each installed aur package. Normally the most used aur packages tend to generate more confidence but that does not prevent that package to include malicious software in a version change and having root access to the system can take control of certain system services. That’s why I always recommend not using Aur and that’s why I’ve always found Manjaro to be a great distribution, as it retains packages for a few days to check them and discourages the use of aur. Any security measure is too little and that’s why any security tool you can configure is advisable. In a rolling distribution where new code is constantly entering the system, it is essential to have selinux and secureboot enabled.