Definitely look for a 2nd hand one, you'll have less issues.
Don't go toooo old as some had wifi issues back in the day (no / partial drivers)
There's a lot of refurbs by major brands (ie Dell) that are ex-corp lease models with some kind of warranty (which won't cover the battery) because of the Win10 purge.
I think the GPU is the main issue if you're wanting to play games... and as others have said, gimmicks like touchscreens and fingerprint readers can be hit & miss.
I've installed Mint on Lenovo, Dell and HP laptops with no major issues.
I have a laptop, NAS, Pi and some VMs running Arch - all updated by Ansible, most setup by Ansible.
It's fine.
However, you'll need to manually do a
pacdiffoften to check if something's had an updated config file...And if you're using the AUR, Ansible can use that too, but you just need to keep an eye on those packages in case something else needs tweaking (not to mention getting an AUR helper installed in the first place)
Re: security - it depends... usually, if you're not using something you need to shut it down for security.... with Arch, just don't install it in the first place. So if you don't need an SSH server don't install it / remove it ( I don't recall if OpenSSH is installed by default TBH)
You could setup a firewall, but, are you using hostile networks?
Just ensure
roothas a good password and you've not done the Ubuntu thing of removing the need for a password to usesudoand you'll be fine in most situations.... maybe a password protected screensaver for when you leave your laptop alone at Starbucks...