after talking to some folks smarter than i am, the conclusion is that the os keyring is theater on linux anyway. any app running under your user can access anything in it.
so the answer is precisely "linux desktop insecure", and the only thing you can do is to isolate or sandbox it (flatpak, bwrap, dedicated user, vm, etc)