Your arguments are right, indeed, though they are rendered a bit moot when we're in a thread discussing Ubuntu Touch, which is like, 10 times more insecure than any custom Android ROM, since it uses a desktop Linux security model pretty much.
Ubuntu Touch is not even that up to date, really. It only recently rebased to 20.04 from 16.04 and 20.04 will go EOL next year, while there's still no promises on how they plan on transitioning to the next LTS release (I get that they're a team of volunteers while Google is a massive corporation, but working on what was essentially abandonware to begin with was likely a disservice, as other mobile Linux distros can follow the upstream a lot more closely than Ubports does).