even though Android phones have offered web apps with different types of browsers for years.
Notice they didn’t say “and there are no incidences of spy software gaining access to their phones because of the lower security”
It’s a glorified website. I don’t see anyone being afraid of infecting their devices by simply visiting a url
“Tell me you don’t understand web apps without telling me you don’t understand web apps”
If anything, it makes the iPhone safer. If only one website renderer is used, you only need to find a zero-day in that one renderer to potentially infect all iPhones. Now that other web engines are going to be permitted, attackers will have to contend with multiple web engines. And you as user can choose to use a smaller web engine like Gecko in order to decrease the likelihood of being successfully attacked.