One thing that people miss - either out of ignorance, or because it goes against the narrative - is that systemd is modular.
One part handles init and services (and related things like mounts and sockets, because it makes sense to do that), one handles user sessions (logind), one handles logging (journald), one handles networking (networkd) etc etc.
You don’t have to use networkd, or their efi bootloader, or their kernel install tool, or the other hostname/name resolution/userdb/tmpfiles etc etc tools.
That sounds like proper security to me? Inability to access the user’s storage is a bit lame, but they’ve been moving to nicer APIs for that anyway.
Android is a mobile phone OS, not desktop / embedded Linux.