I don't know. Implementing a browser in a browser can make XSS potentially bad, and I think it even lead to full on RCE in the earlier days of Brave/Electron. Still happens, I think (though to a lesser extent these days).
There's also the difference in time between committed patch and end user having a new release in the case of a critical vulnerability, for instance.
Using an embedded browser framework introduces many intermediate parties, some (many?) of which might not have being up to date with the upstream as a priority – which leads to a weakened state of security in the "browsers" downstream.
Also, it kind of makes sense: You'd effectively be implementing a browser (or the GUI thereof) in a browser.