If you’re really worried, .blend files definitely are an attack surface. Most exploits in browsers are due to bugs in parsers written in unsafe languages (C/C++), but it’s also common for popular “offline” applications such as Adobe Reader to be targeted in this way. It’s likely that similar issues exist in Blender and many other less popular applications, but they aren’t necessarily actively exploited.
I believe it should be the most important question for Linux* users before using Blender.
- Windows users and security? That’s strange.
Don’t fool yourself, by default Linux is just as vulnerable as any Windows or Mac OS X installation towards application exploits. In fact, if you stick to sandboxed Windows 10 store apps, you’re better off than on vanilla Linux (but those applications are more limited as well).
What really is protecting you is the amount of effort required to create and spread an exploit. Using an unpopular application like Blender on an unpopular operating system like Linux makes you an unlikely target.
My assets are digital, if I lose them, there will be nothing valuable left.
The solution here is reliable offsite backup, not protection against malware. It’s much more likely that your computer is stolen or goes up in flames than you becoming a victim of the first documented case of malicious .blend files.