I think I get it more based on your explanation. Essentially, because the potential exploits rely on a larger variety of configurations, it's unlikely that any widespread exploits would take place; the work just wouldn't be worth it.

More likely that they would focus on the largest subset, hence leading to security through variety.