This argument is delusional.
Linux is not secure.
To elaborate:
Open source has no relation to security.
Grub, a core component of most distros, just had 73 security issues posted last month except they didn’t even bother to make a new release forcing distros to each manually pull the fixes in.
To quote the Arch maintainer:
Countless vulnerabilities, but no release management, no maintenance
branch, or whatever.
Grub maintainers aren’t even bothering to blacklist the binaries via the distributed secureboot dbx blocklist.
This time UEFI revocation list (dbx) will not be used and revocation of broken
artifacts will be done with SBAT only.
And many distros take many days to ship browser updates.