The threat models aren't secret algorithms, they're apps reading the contents of the screen, stealing keystrokes, MITM attacks against 2FA, and much more.
I don't have this problem on my computers, they run free software. My wifes thinkpad runs free software. The friends I gave a computer with various GNU+Linux distros don't have this problem.
Add Google Chrome with its spammy extensions to the mix and they start getting problems.
So, things that can be exploited on a stock Pixel with no user root? This is a weird argument to make at the same time as https://news.ycombinator.com/item?id=45588594 is on the front page.
If their security depends on enslaving the user, their security sucks.
Real security, be it your financial transactions or keeping your bird pictures safe, doesn't depend on any secret algorithm. Because it's secure.