The opposite is true, isnt it? Nostr has a disproporitiately high attack surface of the web, compared to the rest of it, in terms of utility and scale.
Discussion
The more software you are running on a computer, the larger your attack surface, generally speaking.
Well, yes. But you reduce the attack surface most by turing off nostr. Not by turning off the useful tried and tested parts. You gain the full utility by turning on all. The attack surface of nostr despited being less than 0.001% of the web, is disproportionately high.