I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.
I don’t get why that’s more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user’s home directory (/var/lib/transmission-daemon on Debian)?
It helps protect you because if the application in question is compromised in any way (or has a flaw, i.e. an accidental
rm -rf /*), the only access it has is limited to the user it is run as. If it is run as root, it has full administrative privilege.