Every system call, every transition across the user/operating system boundary is an opportunity for the userspace program to exploit a potentially unknown hole in the underlying O/S. Why someone would choose to use an environment like this one is beyond me.
Richard Stiennon put it quite succinctly:
Windows has grown so complicated that it is harder to secure. Well these images make the point very well. Both images are a complete map of the system calls that occur when a web server serves up a single page of html with a single picture. The same page and picture.