Key takeaway: Consider your /etc/shadow to be containing essentially plain text passwords.
-> Don't reuse Linux login passwords for anything else
-> Encrypt your system partition (and be sure to configure a sensible key derivation function when setting it up using cryptsetup, I don't think they use sensible defaults yet. In other words: Tell cryptsetup to use Argon2id and optimise --iter-time and --pbkdf-* to be as slow and memory consuming as acceptable)
Generalistic and moderated instance.