You can use profiles if you want different use cases. I dont think "increased attack surface" is the biggest problem, but you have 2 browsers that are both updated, take up RAM etc.
You could just use different Firefox profiles, using a custom desktop entry with actions and one action for every profile, example:
This was so cool to find out, and in KDE (and likely other desktops) you can access those actions using right click.
You can also change such a workflow to do
launch app && rm -rf ~/appdirectory which will enforce to always delete everything without needing to trust that app. I do that for the flatpak app "Decoder" which is great but wants to save a history without an opt-out, and as I use it for password sharing (generate a QR code locally on my phone)