I don't think these problems are opposing; both are real.

I totally agree that user space is not as much of a useful concept on a single-user device. Originally, it helped to shield users of the same system from each other. Most of this was based on file system authorization. This hasn't been extended to internet access in a very useful way.

However, even on single-user devices, having root access makes it easier to hide malicious processes. Granted that in modern operating systems it is already totally unclear what most processes are doing, so one can simply hide in plain sight.

I'm still not convinced we can get by without a lot of trusted computing stuff to have secure payments.