Yes, Debian - and Ubuntu, for that matter - have some pretty bad defaults in some places. Having users' homedirs UGO rwxr-xr-x is pretty bad.
The defaults should be secure with explicit unlock steps for those that know their environment well enough that they can explicitly relax some restrictions.