if you run sensitive applications on your os and different security level user accounts, security might not be as good as you would think.

basically, the user that is running graphical ui is the most critical. if its get compromised, all accounts might be compromised. even root.

on linux systems, sudo and su might not be as secure as you think.

for example things to consider:

- if filesystem safe? what accounts have read/or write permissions to what files and directories?

- is user input safe? what permissions are needed to install keylogger? user level or root level?

- is clipboard safe? what permissions are needed to read and/or write to clipboard? (your copy-paste privacy)

- is screen safe? what permissions are needed to record screen / take screenshot?

linux isolation options for these situations in my previous note

keep your login session safe, make untrusted accounts as sub accounts. make sure they dont share insecure systems like x11. wayland may be ok.