Security is done on multiple levels, check e.g. the OSI model, you have to apply security on each one. Just applying something on the application layer is bad, lazy and prone for mistakes. But I’m clearly preaching to the wrong crowd and the point of defense in depth is not understood. I really didn’t expect this from the OpenSUSE community.
It’s funny that you say Aeon is not for my mom, I agree on that. In fact she and other family members use Fedora Silverblue with ease, because the system is out of the box secure, stable and usable for both normies and pros. And pros really don’t disable firewalls, ever. Unless I’m already getting too old and this is the latest trend?
Anyway, I won’t disturb this forum any longer with my ranting 
Maybe I’ll be back one day, because as I said, OpenSUSE looks nice. It’s just not for me yet, apparently.