This looks more like distinguishing between “normal” users and “advanced” users, not directly connected to threat modeling.
The issue here is that non-technical people are overwhelmed by reading (technical) recommendations. They often don’t understand why something was recommended in the first place, and then they try to stick with recommendations if they think that the recommending party is somewhat reliable.
However, some privacy-/security-focused websites list contradictory recommendations. For instance, one blog tells users to stay away from DuckDuckGo. The blogger wrote that DDG is bad since it is based on Amazon AWS and AWS is a service provider for the American CIA. On the same webpage, the same blogger recommends Signal, which is also based on Amazon AWS. Moreover, this blogger collects donations via Amazon PartnerNet (based on Amazon AWS), and publicly admits to using Amazon.
In the end, a reader is totally confused. The same happened here: Wire got delisted for being owned by an American holding. Now, some people are confused because PTIO still lists Signal, Keybase, and other services which are also American-based services. There is no “why” included, and there are many myths out there.
We already suggested that recommendations should always tell readers the “why should I use this”, and we will implement this ourselves. However, there are some people saying that threat modeling isn’t something “normal” people should see or do.
So there seems to be no easy solution here. Anyway, we should keep in mind that technology is only one part of information security that needs to be addressed. People also need to address the human factor and implement processes. Installing arbitrary software due to some recommendations doesn’t make someone magically more secure.