Although a security hole would exist, it would exist inside the application itself, meaning that in order to gain access to the system, one would first need to attack that program. Furthermore, the application may not even use the feature that is part of the library.
Many security holes can 'disappear' when statically linked, simply because the linker removes unused code, unlike with a DLL. Also, the application may have some extra checks in its code that ensure that 'bad things' don't necessarily occur when a call is made to an 'unsafe' function (e.g. strcpy()).
In short, statically linking:
~ forces attackers to attack a particular program (and not a suite of programs that use a DLL)
~ may reduce the attack footprint because the linker removes unused code
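
The point above about application-side checks in front of an 'unsafe' call such as strcpy(), as an added example that is not part of the original text. `struct record`, `lib_set_name` and `app_set_name` are hypothetical names, and the 16-byte buffer is a constructed value.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16   /* constructed buffer size for this example */

struct record {
    char name[NAME_BUF];
    int  is_admin;    /* adjacent field an overflow of name[] could corrupt */
};

/* Hypothetical library routine: copies with no bounds check (the "hole"). */
static void lib_set_name(struct record *r, const char *name)
{
    strcpy(r->name, name);
}

/*
 * Application-side wrapper: the only path by which this program reaches
 * lib_set_name(). Returns 0 on success, -1 if the input is rejected.
 */
int app_set_name(struct record *r, const char *name)
{
    if (r == NULL || name == NULL)
        return -1;
    /* Reject unless a terminator is found within the first NAME_BUF bytes,
     * so the name plus its NUL is guaranteed to fit in r->name. */
    if (memchr(name, '\0', NAME_BUF) == NULL)
        return -1;
    lib_set_name(r, name);
    return 0;
}

int main(void)
{
    struct record r = { "", 0 };
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = app_set_name(&r, inputs[i]);
        printf("%-34s -> %s (name=\"%s\", is_admin=%d)\n", inputs[i],
               rc == 0 ? "accepted" : "rejected", r.name, r.is_admin);
    }
    return 0;
}
```

The unchecked copy is still present in the binary; it is only unreachable with oversized input as long as every caller goes through the wrapper.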