That's true. And that's exactly why I give zero trust to any executable that I don't have the source code of. But there is a huge difference between running kernel level proprietary software and user space apps, which are easily at least sandboxable.
TLDR: You don't need a rolling release distro like Arch or its derivatives or any "gaming" distro for gaming anymore.
Many experiments have shown that these distros specifically "made for gaming" have no real advantages. If your friend is a beginner, I would absolutely not recommend Arch Linux, but rather Linux Mint. I have recently found this experiment: https://youtu.be/UtXw9on6qs4 (table at the end of the video) that supports this recommendation.
I haven't used an Antivirus in years... That's one advantage of GNU OS's. I run cracks inside sandboxes which then run Wine and DXVK for compatibility.
That's true. And that's exactly why I give zero trust to any executable that I don't have the source code of. But there is a huge difference between running kernel level proprietary software and user space apps, which are easily at least sandboxable.