I noticed Debian does this by default and Arch wiki recommends is citing improved security and upstream.
I don’t get why that’s more secure. Is this assuming torrents might be infected and aims to limit what a virus may access to the dedicated user’s home directory (/var/lib/transmission-daemon on Debian)?
Running any service as a dedicated user with limited permissions is more secure than not. It’s not just transmission. This is a very basic method of increasing security on any running machine. https://en.m.wikipedia.org/wiki/Principle_of_least_privilege