Unless PG is trying to become a software review site, it should not recommend insecure products. I would rather see a page that says “we cannot recommend a good one, come to the forum to see community preferences” than giving a “This page has good private and secure recommendations similar to other pages on the site” impression.
More to the topic, video players have terrible codebases (FFmpeg and a thousand fixes - gynvael.coldwind//vx.log), and use libraries that are worse, while being hosted in the personal castle of the users (their home network) with access to often unlimited internet and protected by ISP provided routers (lol). All this means phishing becomes easier (videos are not just films and shows, it is also shared files), shotgun sprayed malware becomes easier, etc.
Additionally, using platform features (not just security features) shows the project is trying to be good software and not just “also ran” software (a trivial example is why I keep material you design as the base requirement for good android apps).
No solution is 100% secure, but I think PG shouldn’t peddle the same tired stuff shilled in every FOSS software thread in the name of privacy.