Not true. Depending on your OS (sorry Windows users) your OS isn't collecting your personal data at every opportunity, and hopefully doesn't allow 3rd parties to push code to your devices without notice to you about what's been changed, and without any option for you to opt out of those changes.
You must have zero trust in a device where 3rd parties have full access to change whatever they want at any time and for any reason without your knowledge or consent. That's not happening for the linux server in my closet. It's probably happening for the windows 10 system in the living room, and it's absolutely the case for the phone next to me.
The same things that make your privacy vulnerable make your devices vulnerable.
It's currently impossible to secure a consumer cell phone. They were explicitly designed to collect and leak your data. When 3rd parties have access to all your data you can't secure it. When 3rd parties can push code to your device without any notice to you, at some point a bad actor will do the same. If you aren't allowed to see what your device is doing you can't see when it's being used by an attacker. If you don't even have permissions to the most important parts of your own hardware/software you can't do anything about it once you are compromised.
Cell phones are not private and they aren't secure and that makes them the worst kind of device you could insist on people using to replace their passwords.
You are concluding things from a false premise. Just because mobile phones are not zero trust devices (note that there is no such thing anywhere!) doesn’t mean they are not secure against malware. While iphones have a really good security and privacy story, I may get that with sufficient tinfoil hat-layers one might choose not to trust apple (though the only target vector would be a deliberate malware created and pushed by apple itself)
But there is also the Graphene project which runs on the Pixel phones, where you have complete control over the software. But the hardware will always be somewhat proprietary so you can’t have complete trust in that either. (And no, pinephone and alia just put closed firmware into the hardware not even allowing updating it, which is strictly worse than having it patchable)
Nonetheless, both of these options are orders of magnitudes safer than desktop OSs, as per my original statement.
No they're not. And if you're going to assert something (especially something that absurd) you should at least justify it with an argument.
I'm sure you're thinking something along the lines of "Android has an SELinux sandbox that prompts for permissions." You can run this on normal desktop Linux too though (I forget the command, it's a python script in the SELinux tools (or so) repo.) No one bothers because the distro repos are relatively free of malware and installing non-free software requires a small amount of understanding. This is, of course, considered "bad UX" for non-free software but that is in practice where most of the malware comes from on other OSes. (On Linux most f it comes from sloppy language specific package managers with a free-for-all mentality like node.js or PyPi but no amount of OS design can fix stupid devs without making their work impossible.)
SELinux is not a sandbox, and is just one part of the picture. Android also runs every app under a different user — and that is where SELinux can properly uphold its security barriers. Most linux distros even if they have SELinux enabled (e.g. Fedora) will run every user process under your user and UNIX’s default permissions are pretty much useless. So it is only security improvement for services.
You running npm install can potentially delete everything in your home directory, but a buggy application (even if opensource and made with good intention) can be exploited by evil data just as well. Just because your, say, PDF reader is open source it can be used to exploit your computer with an evil pdf file. So yes, linux desktops are orders of magnitude less safe than either Android or ios.