The problem is for every person who wants to do this, there are hundreds (thousands?) who wouldn't want to - and these people are vulnerable various security exploits that would allow someone evil to take over their device.

This isn't just a made up situation: There are nations that have large teams of people who's job is to figure out how to get software installed on your device of their choice/make/design, allowing them to do whatever they want.

This isn't quite true. The Google Pixels allow me to unlock the bootloader, install my own system, and relock the bootloader. As a result, I run an alternative OS called GrapheneOS which is more secure than Android.

The fact that I can unlock and relock the bootloader is not a security issue or a risk. People who don't know what that means cannot possibly do it by mistake.

Now allowing root access to users on Android, that's a security risk because a user can be tricked into giving root access to some evil app. I don't have root access on my GrapheneOS, even though I chose to install it myself. Because it is more secure like this.

So it sounds like a fair compromise to me: they make Android the way they want, and if I don't like it I can install an alternative OS. Just like I can install Linux if I don't like Windows. What I don't like is that most Android manufacturers actively try to prevent me from doing that, and I don't like it.