Facebook has always recommended "friends of friends" as potential new friends. I never follow up on its friend recommendations.
Generally, I pick friends that I actually know in some context. If I have looked for them and want to interact with them, I will 'friend' them. Unsolicited friend requests generally get rejected. My settings are such that only friends of friends can send me a friend request, but some of my friends are indiscriminate in who they allow as friends, so being a friend of my friend is no guarantee that they are someone I want to talk to.
Then you get the trolls ans bots who try to get around the rule of only accepting friend requests from friends of friends. If I make a public post, they will post that they "like what I post", and that their friend request wouldn't go through, and would I please send them a friend request. The wording is so vague that it is obvious that they have never read any of my posts. They are just trying to get around my block so that they can harvest my friends list. The profile is always a middle-aged white guy, usually military or ex-military, with lots of photos and no text. All stolen, of course. Those posts get deleted and the poster blocked.
By wary of friends who have public friends lists. They are how the randos find you. I know of people who will un-friend anyone who has a public friends list, no matter how well they know the person, just because of the security risk.