That's not as crazy as it sounds, because the problem they were trying to address was website security against threats from the internet.
As long as the underlying OS is secure enough that attackers can't get in via something like a buffer overflow in the TCP code, website security is almost entirely a matter of web server application security.
A well written web server application on Classic Mac OS then could be more secure than a less well written web server application on a more secure operating system such as NT.
