I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.
I don’t get why that’s more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user’s home directory (/var/lib/transmission-daemon
on Debian)?
Not of which I’m aware. Transmission is more intended to run on a server though. You certainly can just run the local GUI, but it can run as a daemon on a server and then you can use a web interface or app, so its working more on a server v user app paradigm (Everything on a modern server like that is gonna run as its own user)