And is Electron more secure? I guess it doesn't have hackers all around the world trying to find vulnerabilities.

Is that good or bad?

that does not apply to desktop app

Why not? Is it not using a VM for desktop app?

it is not the same security context between web/browser apps and desktop apps wether there is a VM involved or not.

A browser can load remote payload (not under user control) that can then exploit browsers flaw, Flash AVM2 flaw, etc.

On the desktop the user run a local exe/app which has de facto "full system access".

A bit surprised you don't know that, it's kind of basic ...