Thank you. Very insightful. Would love to see more of your expert view in a structured way.
Has a horrible choice of base OS for security and they don't do any significant work to improve it. They do not do any significant hardening beyond application changes and trivial configurations you can do in other distros. A lot of the efforts for Linux kernel hardening on both Whonix and Kicksecure were halted and then undone when the developer responsible for most of it left the project; therefore, it got worse over the years...
Their developer also pushed misinformation about allocator hardening and dropped using hardened_malloc (hardened memory allocator used and created by GrapheneOS, a significant exploit protection). Their recommendations appear more out of software freedom movement dogmas than a security researcher perspective. Some tables on the wiki make comparisons seemingly out of imaginary scenarios or remove context to what they source.
The Whonix distribution routing everything to Tor has a valid point, but you're just using a non-hardened Debian OS routed through Tor. Qubes users are very reliant on the hypervisor to protect them when using it. The security of the operating systems in the VMs also matters.
Making an equivalent out of a distro like an immutable Fedora distribution or Arch would outclass it very quickly. There are projects that do a lot of great effort to start, like Secureblue:
https://secureblue.dev/features
It inherits a better base OS, has some components from GrapheneOS, including hardened malloc and a desktop Chromium based browser with a Vanadium patch set. Not comparable to the Linux kernel in GrapheneOS (and Android) which is extensively hardened.
Since Qubes' standard images are Fedora based, it could complement it by being a template. Qubes developers already have that in their issue tracker.