Some 20 years ago when I was first introduced to it they said “it’s secure because hardly anyone writes malware for it”. Which was always a stupid argument.

Anything being secure is a common misconception.