electrum should protect its users. If op run electrum and it says "No. You are using old version and it has been hacked. It has been fixed in the latest version. Download the latest version from electrum.org" then we dont have topics like this
What kind of software doesn’t tell you when important updates are required?
And what happens when the centralised update server gets hacked... broadcasts a spam to all users that they need to update to new version and all the users blindly trust that because "it is the Electrum update server" and download a malware wallet and lose all their funds? You'd all be asking "why Electrum have forced update notification?"
"Be your own bank" implies "Be your own Bank's security department as well". Everyone is all about the "freedom" of Cryptocurrency... no-one seems to want the added responsibility that comes with that freedom.
There are ways and means to protect yourself... and the easiest is to ALWAYS verify the digital signature of the Electrum installer (or portable .exe). Even when I have downloaded it from Electrum.org, I will ALWAYS verify the digital signature of the downloaded file to confirm it is legit.
So, even if I had received the spam message, ignored the fact it redirected to github instead of the official website and downloaded the malware installer, I never would have installed it... because the malware installer would have FAILED the digital signature verification.