Depends on your system. Desktops have different requirements than servers.
On both at minimum, I'd keep /home and /var/log separate. Those usually see the most writes, are least controlled, and so long as they're separate partitions they can fill up accidentally and your system should still remain functional. /tmp and /var/tmp should usually be mounted separately, for similar reasons.
/boot I usually keep separate because bootloaders don't always understand every weird filesystem you might use elsewhere. It would also be the one unencrypted partition you need to boot off of.
On a server, /opt and /srv would usually be separate, usually separate volumes for each directory within those as well, depending how you want to isolate each application/data store location. You could just use quotas; but mounting separately would also allow you to specify different flags, i.e. noexec, nosuid for volumes that should only ever contain data.
/var/lib/docker and other stuff in /var/lib I usually like to keep on separate mounts, i.e. put /var/lib/mysql or other databases on a separate faster disk, use a different file system maybe, and again different mount options. In the distant past, you'd mount /var/spool on a different filesystem with more inodes than usual.
Highly secure systems usually require /var/log/audit to be separate, and it needs to have enough space guaranteed that it won't ever run out of space and lock the system out due to inability to audit log.
Bottom line is it's different depending on your requirements, but splitting unnecessarily is a good way to waste space and nothing else. Separate only if you need it on a different type of device, different mount options, different size guarantees etc.; don't do it for no reason.
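An added checker, not from this thread, that audits a mount table in /proc/self/mounts format for the separate mounts and restrictive options the comment above recommends. The list of mount points and the options each should carry are my assumptions (noexec only on volumes that hold data, not on /home), and the sample mount table is constructed, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mounts format: "<src> <mountpoint> <fstype> <opts> 0 0".
SAMPLE_MOUNTS='/dev/mapper/vg-root / ext4 rw,relatime 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
/dev/mapper/vg-home /home ext4 rw,relatime,nosuid,nodev 0 0
/dev/mapper/vg-log /var/log ext4 rw,relatime,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/mapper/vg-srv /srv xfs rw,relatime 0 0'

# has_opt MOUNTS MOUNTPOINT OPTION: succeed if MOUNTPOINT is listed and its
# comma-separated option field contains OPTION exactly.
has_opt() {
    printf '%s\n' "$1" | awk -v mp="$2" -v want="$3" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# is_separate MOUNTS MOUNTPOINT: succeed if MOUNTPOINT is its own mount rather
# than a directory living on the parent filesystem.
is_separate() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { found = 1 } END { exit found ? 0 : 1 }'
}

# audit_mounts MOUNTS: print one line per finding (not separate, or missing an
# option). Assumed policy: /home gets nosuid,nodev; data-only trees also noexec.
audit_mounts() {
    mounts=$1
    for spec in "/home:nosuid,nodev" "/var/log:nosuid,nodev,noexec" \
                "/tmp:nosuid,nodev,noexec" "/var/tmp:nosuid,nodev,noexec" \
                "/srv:nosuid,nodev,noexec"; do
        mp=${spec%%:*}
        opts=${spec#*:}
        if ! is_separate "$mounts" "$mp"; then
            echo "$mp: not a separate mount"
            continue
        fi
        for opt in $(printf '%s' "$opts" | tr ',' ' '); do
            has_opt "$mounts" "$mp" "$opt" || echo "$mp: missing $opt"
        done
    done
    return 0
}

# Run against the constructed table; on a live host feed it "$(cat /proc/self/mounts)" instead.
audit_mounts "$SAMPLE_MOUNTS"
```

On the sample table this reports /tmp missing noexec, /var/tmp not being a separate mount, and /srv missing all three options.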
Sure. Whether they’re effective and actually able to execute is another question.
A simple way might simply be to put an actual executable in the file instead, and when a user double clicks to open it it’ll run instead. Or there’s stuff to hide in metadata that could exploit particular players, or even some OS preview systems, and get execution that way.
But... really pretty unlikely. Possible definitely, but you'd have to go through a lot of effort to get hit by something.