[2] It may also include their configuration files of preferred settings for any software they have used there and might have tailored to their liking: web browser bookmarks, favorite desktop wallpaper and themes, stored passwords to any external services accessed via a given software, etc.
Furthermore, Trojan horses, viruses, and worms running under the user's name and with their privileges will in most cases only be able to alter the files in the user's home directory, and perhaps some files belonging to workgroups the user is a part of, but not actual system files, reducing the chances of harming the functioning of the operating system.
[4] The file /etc/xdg/user-dirs.defaults on many Linux systems defines the subdirectories created for users by default.
Creation is normally done with the first login by Xdg-user-dirs, a tool to help manage "well known" user directories like desktop, downloads, documents, pictures, videos, or music.
In many built-in commands, typing the ~ (tilde) character is equivalent to specifying the current user's home directory.