Secureblue - Immutable Fedora Hardening

As a casual PC user, I took a look at the apparmor.d project. First, the project owner is really maintaining the project with great dedication. But almost all of the profiles in the project are installed in complain mode by default, so I thought it would be a matter of trial and error for users to determine which of the hundreds of profiles would be stable in enforce mode. Users will have to take care of reporting their findings back to the project owner, if they are not too lazy. Moreover, the onus seems to be on users to guess which system applications, DE applications and services that will be started in the future correspond to which of the hundreds of profiles, and whether it would be wiser to set those profiles to enforce mode or leave them in complain mode. I think that casual users have neither the knowledge nor the experience to guess these things. It is also expected that apparmor.d will be built and packaged from source by the users themselves. The profiles in the source repository are always updated; the AUR package may be updated by itself, but other packages may need to be updated by users. To install profiles under enforce mode, the package needs to be built according to this criterion. It would be easier for casual users if there were three prebuilt packages for default, enforce and full system modes. Finally, even with the package installed in enforce mode, hundreds of profiles are loaded in complain mode because they are unstable, and the AppArmor version on Arch Linux has been outdated for months.

In short, as long as the process of installing apparmor.d and updating profiles is not made easier for casual users, I think the concept of secureblue will continue to be more user-friendly. IMHO, it could be clarified how other internet browsers (Brave, Firefox, Tor Browser, etc.) should be installed and whether bubblejail should be used for those browsers.