Typical example is Web servers with SSL cert. The security is not lacking: you start service and then you enter cert password.
How many people actually do that? Noone. I bet this forum doesn’t do it either. (I don’t do it on my SSL-enabled sites, of course).
Also, knowing about all the ways that State actors with essentially and comparably unlimited funding can pwn any OS, the illusion that security could be considerably improved without completely ruining usability is laughable.
Security of any OS can be considerably improved by making 10-20 minutes worth of modifications in settings. Most people don’t want to invest 30 minutes in checking security how-to’s and implementing them (and even if they do, they’re only secure from unsophisticated attacks). I said it here, resistance is almost futile. Yesterday I read how with IoT State actors are planning to spray the world with “hacking sonds”, so to speak, to gain almost perfect visibility and reach anywhere in the world (regardless of what your bespectacled EU commissioner, who’s never installed Windows in his life, told you).
And on this forum we’ve seen the usual attitude toward security dozens of times: everyone wants to have a perfectly secure OS or h/w device, they don’t want to pay for it, and if there was a give-away they’d prefer the device to also have 2FA and password recovery so that they don’t get inconvenienced by the too-tight security.
All in all, it’s not that dissimilar from the pathetic state of democracy in the Western world: 99% of voters expect to get something for nothing and are willing to endure zero inconvenience to protect their freedoms. Linux is not nearly as bad - at least you get a choice to harden it or use FreeBSD or whatever.