Fair point but Linux is inherently safe either? The local library here has client PCs running Ubuntu 16.04 lts.. my point being that IT infrastructure is only ever as secure as the amount of continuous effort you put into securing it. Linux doesn't solve that.
I'm not the best person to explain, but they're distros with a read-only root filesystem. In some implementations, any changes, like installing a new package, or upgrading a version, can be interpreted as migrating a system from a state to another. This can mitigate some security risks and make machines easier to maintain.