So for those informed, ChromiumOS follows a similar development model to AOSP:
ChromiumOS (open source) --> Development --> ChromeOS (closed source) --> Public Release
ChromeOS is known for being quite secure (among security researchers, at least) despite desktop security being fundamentally broken. It takes a more mobile-based approach to security to accomplish this. Privacy is still a major concern, however.
A desktop OS that is private, secure, and useful on a wide variety of hardware would definitely become a popular choice.
A project of this type would require using the Linux kernel, at least initially. I understand that the GrapheneOS developers want to move away from this. It would also require some reliance on GNU software.
I know that the GrapheneOS developers are very busy, so I'm just offering this as a suggestion.
Here are some possible features:
Hardened memory allocator
Stronger full-disk encryption
A stronger verified boot chain
Play Store compatibility layer
Removal of telemetry & included Google apps