if you're using a desktop env that's not at least somewhat customizable, you're just begging to be owned by some vulnerability in gnome/kde's ancient codebase. i swear, just use dwm or i3 and be done with it.