All your points are valid, and I agree with most of them except maybe advising people to use Testing ;)
From a security point of view, Testing is dead last in Debian’s vulnerabilities fix order of priorities after SID and Stable, and fixes in general except when the next release is being freezed. I’ve undergone breaking changes and regressions weekly on Testing, dependency issues that took forever to get fixed, and the year or so I’ve spent on Testing was miserable. Testing definitely has its purposes, but daily driving it on a laptop should not be one of them.
I understand the issues you’ve got concerning Flatpaks and how it goes against a distro’s philosophy, but I think, from a “normie”'s POV, it’s still miles better than the classic “download a random exe from a random website and never bother having to uninstall and reinstall it every week to keep it up-to-date” windows paradigm. Flatpaks are mainly a solution for developers and package maintainers (package once, distribute everywhere), but it benefits the end users. You get to use “the same version as everyone else”, always up-to-date whether you’re on Debian or on Arch, compiled against a known version of all dependencies so bug reports are more consistent and avoid weird distro-specific behaviors.