Browser engines have become so complex that each ultimately represents a massive attack surface. I think, rather than trying to pick the most secure browser (which may change over time) instead:
* Stick to one browser engine per device as much as possible. Two at the most.
* Isolate installed browser engines as much as possible (i.e. Qubes or mobile operating system levels of sandboxed or virtualized isolation, not just containers or flatpaks for dev-environment tidiness and separation).
* Connect end-user devices with browser engines installed to the Internet only while actively using the Internet.
* Stick to one browser engine per device as much as possible. Two at the most.
* Isolate installed browser engines as much as possible (i.e. Qubes or mobile operating system levels of sandboxed or virtualized isolation, not just containers or flatpaks for dev-environment tidiness and separation).
* Connect end-user devices with browser engines installed to the Internet only while actively using the Internet.