The email in question actually addresses one of the first, if not the first, x86 hypervisor product, Xen, relying on both my memory of the time (I did some work with Xen in the mid aughts) and Wikipedia: <https://en.wikipedia.org/wiki/Timeline_of_virtualization_tec...>.
The Xen hypervisor itself was pretty minimal, as I understand mostly serving to time-slice CPU cycles among guest domains and partition memory access. As a contrast to VMWare, device access and drivers were handled by the guests themselves.
As such, the attack surface of the Xen hypervisor itself is fairly minimal. Most security issues seem to be denial of service vulnerabilities, though there are some privilege escalation, access, information leak, and overflow issues listed:
<https://xenbits.xen.org/xsa/>
I generally respect de Raadt's expertise and instincts, though he may have been over his skis here.