Sadly, this may apply to most people, at least until offline key storage is the norm. Too many people are prone to surfing the internet insecurely and downloading files on the same PC their wallets are on. When I tell people IRL they should have a dedicated offline device or hardware wallet, they look at me like I'm crazy. Most newbies aren't properly securing their wallets, and I honestly wonder sometimes how many ever will.
In a sense, Paypal/Paxos should be more secure than a typical exchange as well since they don't process customer withdrawals. That drastically cuts down on the frequency that private keys are handled and removes the need to ever use hot wallets.
This can be really bad for the future of Bitcoin. In 2017 Bitcoin community defended itself from the SegWit2x attack by clearly signalling that the users won't recognize the fork as new Bitcoin. But if in the future majority of Bitcoin users will only own custodial Bitcoin and won't know anything about the technicals of Bitcoin, it would be easy to hard-fork the network if miners will be onboard.