I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.

I don’t get why that’s more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user’s home directory (/var/lib/transmission-daemon on Debian)?