I think he was driving at the idea that people who make malware tend to go for larger ecosystems.

The reality is that everything you do on a network involves some form of risk. You can mitigate these risks by performing tasks in a standardized way using only approved software, but a packaged Zero-Day that's tuned for your environment will generally succeed.

Getting a Kaspersky Payload isn't that hard to find any more; preventing hackers from knowing what anti-virus you're running is your responsibility.

In short, everything is about risk mitigation. Running the same software as everyone else exposes you to the same risk.

By the way, this point is tangential to the larger point at hand which is: Apple doesn't care about its developers.

I don't see how any of what you said is relevant. The distribution mechanism (Mac App Store) has absolutely nothing to do with everyone running the same software. And in fact the required sandboxing (one of the alleged problems with the Mac App Store) goes a long way to mitigate a lot of risks in remote exploits.

If the Mac App Store had a grand total of 5 apps then I could see where you're coming from, but it launched with over a thousand apps and it's had 1.5 years since then to acquire many more. There's no monoculture.