If you care about security in the slightest, turning off Secure Boot—on any computer, PC or Mac—is a very bad idea. The real solution is to make (encrypted) backups and keep them up to date.
With T2 disabled, anyone technically inclined can fuck with your Mac, and anyone who gets your password (say, after fucking with your Mac) can decrypt your disk (you’ve enabled disk encryption, right?). Likewise, Secure Boot prevents anyone without physical access from trying to install os-level malware on your Linux/Microsoft box. Microsoft has required Secure Boot support from OEMs since Windows 8.
Unless you know exactly what you’re doing, keep T2/Secure Boot on.