NXR7
Recycles dryer sheets
You have fundamentally misunderstood the risk. It is incredibly common for someone to gain remote access over your laptop or other device due to unpatched browser software or other methods. There are many "no click needed" hacks available and one of the biggest attack vectors is people who click blindly on the first link that a search engine returns, thinking it is the legitimate site.I don't understand the rationale behind not allowing "trust this device". The vast, vast majority of hacking is done remotely, by bad guys sitting in Russia, Nigeria, etc. Not allowing "trust this device" is meant to prevent someone with physical access to your device from logging in to, say, your Fidelity account if they don't also have physical access to your phone (or Yubikey, etc.). It makes no sense to me to have Fidelity not trust the browser I use from my Windows desktop or my Linux laptop, as those devices are under my physical control at all times.
TL ; DR: It is quite safe to enable "trust this device" for websites/apps you access from devices that you have physical control over.
I ran the cybersecurity teams for a large bank and a large insurance company and we always had customers who had hacked laptops and phones where someone else was in control and they had no clue.
No, it does not matter if you apply patches the instant they are available. It can take weeks to months for companies to develop, test, and distribute updates and they still get it wrong. That is a major window of opportunity for criminals.