There are different ways to implement security, and I think this discussion of Torvalds' and ours is a sign that security ingrained within large monolithic kernels is a demoted (if not dead) model.
Hypervisors like Xen are at the forefront of security. They embody a sandboxing-done-right philosophy where the baremetal system runs only a small, dedicated hypervisor and all of the rich functionality is contained within VMs. In a system like Qubes, which adds an integration layer on top of Xen that is very small and tight and seals-off known avenues for VM breakouts, you get (mostly) the best of both worlds. Even hardware devices are virtualized in Qubes, and it works.
In this model, the hypervisor acts as a microkernel and the Linux/Windows kernels act as drivers and services. IMO, this is 'microkernels done right'.
Of course, any security model worth its salt won't engender a black-and-white view as Linus complains. One accepts that individual VMs that are exposed to risk (browsing remote web pages, for instance) may be compromised. But a compromised browser shouldn't mean a high risk of privilege escalation (the monolithic kernel disease) and having sensitive data stolen, or the system itself turned into a surveillance or attack platform -- any successful attack on an application should be contained by default.