UPDATE: Microsoft contacted me regarding the premise of this story and confirmed that security had nothing to do with the decision to use Linux in its MCU. It was, as I suggested, the right tool for the job. I received the following quote:
"Microsoft is a multi-platform company, and has been for years. We chose Linux as the OS for two primary reasons: 1) the size of the OS footprint and 2) needs of our silicon partner ecosystem. The custom Linux kernel found in Azure Sphere has been optimized for an IoT environment and shared under an OSS license so that silicon partners can rapidly enable new silicon innovations. In comparison, Windows IoT runs on microprocessor units (MPUs) that have at least 100x the power of the MCU. Windows IoT is a powerful OS for traditional embedded devices such as gateways, ATM machines, Point of Sale devices, digital Signage media players, Kiosks, and new sets of embedded devices such as smart thermostats, robots, wearables etc."