It's a single user OS that runs everything in ring zero by design. I'm not sure, definitionally, that it can have security vulnerabilities. I... guess maybe code execution on exposure to an untrusted floppy disk filesystem?

Look closely, you'll notice there's no network interface. The only vulnerability in a system like that is physical access by malicious individuals.

About the worst mal-ware it can have is a boot sector that installs a "terminate, stay resident" (TSR) that copies itself onto any floppy that gets inserted.

To see what decisions they made. Like any historical document. Aim to understand the people of the time.