I don't think that it is as important to patch
But it is the same codebase so it gets all the same fixes as part of the update - they would have to go out of their way to NOT patch security issues in it that are being patched for iOS.
They don't release the fast response patches for it like they do iOS & iPadOS, just the "regular" updates.
It would be a lot harder to attack and a lot less valuable if p0wned so I doubt anyone is out there actively trying to hack it. I suppose you'd get a foothold into someone's internal network that way, but it is much easier to do by attacking wireless routers that are generally not kept up to date. Especially once they are a few years old and any automated vendor patching has run its course.