As someone who uses systemd, "boot security" is pointless. If someone has enough access to your hardware to try booting a different kernel, they have time to load a signed shim that passes secure boot and launches unsigned code.
The only boot security real users need is disk encryption.
"on a system not configured for boot security, you get no boot security" is indeed correct. If you care about boot security, your local platform doesn't give you the chance to boot custom kernels and not passing secure boot doesn't give you decryption keys.
An adversary can usually only modify code that executes in the boot process if they already have root privileges, or if they have physical access. In either of those cases the game is already over anyway.
Encrypted disks saves you from an unsophisticated attacker. Also, full disk encryption enables the feature of using a power plug switch as a ”lockdown mode” button.
Isopropanol is relatively safe to drink in small amounts (single digit mL). It's only about 2x stronger than ethanol, and your liver metabolizes it to acetone, which is safe.
Denatured alcohol contains methanol, which is way more dangerous since you metabolise it to formaldehyde.
Source: I unknowingly got drunk on IPA fumes before work one time and wrote some really bad code
Methanol is indeed quite toxic but it is not the only denaturant. There are many others [0]. When methanol is used as a denaturant, special labeling is required [1]. Most of the denatured ethyl alcohol I've seen in pharmacies in recent years has not contained methanol but merely bittering agents, because methanol is so dangerous.
The only boot security real users need is disk encryption.