You can use profiles if you want different use cases. I dont think “increased attack surface” is the biggest problem, but you have 2 browsers that are both updated, take up RAM etc.

You could just use different Firefox profiles, using a custom desktop entry with actions and one action for every profile, example:

[Desktop Entry]
Name=Firefox
Comment=Web Browser
GenericName=Web Browser
Exec=firefox %u
Type=Application
Icon=firefox
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
Actions=Private;Work;PrivateWindow;Insecure

[Desktop Action Private]
Name=Open Private Profile
Exec=firefox -p private %u

[Desktop Action Work]
Name=Open Work Profile
Exec=firefox -p work %u

[Desktop Action PrivateWindow]
Name=Open Private Window
Exec=firefox -p private --private-window %u

[Desktop Action Insecure]
Name=Open Insecure Profile
Exec=mullvad-exclude firefox -p insecure %u

This was so cool to find out, and in KDE (and likely other desktops) you can access those actions using right click.

You can also change such a workflow to do

launch app && rm -rf ~/appdirectory which will enforce to always delete everything without needing to trust that app. I do that for the flatpak app “Decoder” which is great but wants to save a history without an opt-out, and as I use it for password sharing (generate a QR code locally on my phone)