I personally don't care about "security" all that much, my main reason for using Graphene is freedom to use my hardware in any way I wish. This means unrestricted ability to run any program on the phone from any source. Sideloading restrictions don't apply to Graphene, and it is also impossible for state actors to impose things such as client-side scanning of text messages. It's also immune to unwanted AI anti-features.
I use my own "cloud" infrastructure with my phone and I am not interested in using Google's. My Graphene device is configured to route all traffic through Wireguard tunnel and my DNS server. I also use exclusively use my own email server and "cloud" storage for all non-work related purposes. Graphene makes this easy by not leaking any information to Google.