Raspberry Pi OS started to secretly (!?) adding Microsoft proprietary package base, access to their servers, by default.
Security consequences? tl;dr; ... Microsoft gained root access to millions of Rpi users without their consent or awareness. From the outside. This is bad, but it is actually much worse since from the inside they already have full control of your Raspberry Pi regardless of operating system of your choice. Linux/BSD/* can't boot without proprietary Microsoft owned real time OS.
Most of the RPi users probably just don't care, others are naively assuming they are running FOSS software. Well, a part of it is, a part not. Not as bad as Android, but still. You can peek into the code, but at the end, Google, or lets say corpo world, is/are fully in charge of our mobile devices. Mainly with services.
After recent Chromium improvements, this is yet another loss for (Linux) community and FOSS in general.