Most of us are running Home Assistant on a Linux based machine, including anyone using hassos which is Linux based. Unless your home assistant install is firewalled off from the internet, it’s still vulnerable to these malware attacks unless you secure it properly.
And based on this post, many home assistant installations are not secure, with people just port forwarding 8123 out to the internet with no security.
This was a good post about properly securing Home Assistant.
I agree with the point of your post though that one (properly secured) Home Assistant instance on the internet is definitely safer then a house full of individual wifi devices all individually connected to various vendors on their own though. Especially since manufacturers rarely provide firmware/security updates, and consumers are even less likely to install them. It just takes one of those devices to get infected to compromise your network.