Linux can be hardened, but is very open by default.
yup.
It also offers no out of the default sandboxing of apps from each other.
I don't use applications that need sandboxing. I would enjoy if OpenBSD's pledge and unveil were ported to Linux at some point though.
It isn’t immutable, unless postmarketOS is, which is a large security threat when considering device integrity.
How does immutability improve security beyond standard unix file modes?
Full disk encryption isn’t enabled by default (unless changed in postmarketOS).
I used to do FDE, but now I prefer just encrypting the files I actually need encrypted. FDE doesn't protect you from an attacker that can get access to your phone while it is booted.
Root login is enabled by default (a huge attack vector).
What huge attack vector? It's just as secure as any account if it's given a good password. I'd argue sudo/doas is a lot less secure when authenticating to root, since if an attacker knows your user password, they now also have root access.
I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS.
I will use my already deblobbed Linux distribution, but thanks ;)