Intuitively this seems plausible. In particular, I'm guessing that return-oriented programming is more difficult in a build with fewer libraries. And just having a custom build based on musl libc, as opposed to the omnipresent Debian and Ubuntu images, might throw off some attackers. I'd appreciate input from a real security expert though.