I switched my work PC to Pop a couple months ago and seriously gave Cosmic a try.
I had issues with it remembering screen positions and monitor settings would get reset to default on every boot. I installed KDE last week and it was like changing to a comfortable pair of shoes. Everything magically started working exactly how it should.
If the end user can arbitrarily sign code themselves that is bootable then it kind of defeats the purpose of secure boot.
The whole idea is that it makes it impossible to start if the chain of trust is broken.