I think it's more a reference to Spectre and Meltdown and Rowhammer and a bazillion other hold-my-beer attacks that have never, ever been used in the wild but that everyone pays the price for by having their CPUs slowed down by the countermeasures. Applying Unicorn Repellant is fine when there's no cost, but it definitely has a cost in these cases.
The same way I'm fairly sure that no-one's ever been attacked by a unicorn. There could be lots of unreported attacks, but I'm pretty sure there aren't any actual ones.
What we do have is millions of actual, real-world attacks (see any security body's top-ten list) that we aren't mitigating because we're too busy focusing on silly attacks that no-one ever uses.
