
Another problem with Yunohost at least is that it has no focus at all on security. There are others, like Sandstorm, that at least try to have some basic security.


Can you expand on that a bit? I don't think it's true. Yunohost has a firewall, fail2ban, user management, access management for its installed apps and documentation on the topic: https://yunohost.org/en/security


I am not the poster, but the comparison with Sandstorm leads me to believe that they meant security as in service isolation, e.g. running potentially untrusted services in one system.

IIUC Yunohost correctly, they help to deploy and manage services in a more traditional way and assume that each service is trusted and they aren't that rigorously isolated from each other.


Yes, that's what I was referring to. With Yunohost if a single service is compromised, then they're all compromised. That makes for a large attack surface that grows with each app you install.


That's not entirely true. Every service runs as its own user with (mostly) only access to its own data.


That was best practice in the 2000s.

Today best practice is using the zero trust security model and sandboxing everything.


You might be surprised by Proxmox with TurnKey Linux images, or Rocky Linux containers.



