I've been writing about how various aspects of appliances contribute to the overall security of the product. I was talking about "real," physical appliances, but most of what I wrote applies to virtual appliances -- a product running as a guest image under a hypervisor -- as well. For example, the point about having no "extra parts" to attack still holds, and it remains an important benefit.
But a virtual appliance has a specialized security concern that physical appliances do not have: the hypervisor. While hypervisors isolate systems from each other and allow greater utilization of the underlying hardware, Quis custodiet ipsos custodes? (Who will guard the guards?) Put another way, a virtual appliance can be no more secure than the hypervisor on which it is running.
For example, when an instance is first created, the host will provide a UUID that uniquely identifies that instance. We can use the UUID to generate an encryption key, and use that key to encrypt the virtual disk. If the hypervisor is compromised, however, a third party can be told the UUID and gain complete access to the virtual disk. The security assurance that the data is protected, and that the instance will not be moved, cloned, and run elsewhere, is gone.
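To make the point concrete, here is an added example (not code from the original post or from any product) that derives a disk key from an instance UUID, encrypts a constructed "virtual disk," and shows that anyone who learns the UUID derives the same key and reads the disk. The UUID, the disk contents and the key labels are constructed sample values. The cipher is a stdlib-only HMAC-based counter mode with an HMAC tag, chosen so the example runs without third-party libraries; it stands in for whatever disk cipher a product would use. It goes one step past the text by also deriving a key that mixes in a secret the hypervisor never holds, which is the assumption that makes the UUID alone insufficient.

```python
import hashlib
import hmac
import os
import uuid
from typing import Optional

# Constructed sample values: the UUID a host would hand an instance, and a fake disk image.
SAMPLE_UUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE_DISK = b"guest root filesystem (constructed sample data)"


def derive_key(instance_uuid: uuid.UUID, extra_secret: bytes = b"") -> bytes:
    """Derive a 32-byte disk key from the instance UUID.

    With extra_secret empty, the key is a pure function of the UUID: whoever
    learns the UUID (e.g. via a compromised hypervisor) derives the same key.
    extra_secret models a value held only by the tenant, not by the host
    (an assumption added for illustration; the post does not describe it).
    """
    # HKDF-style extract step; uuid.bytes is always 16 bytes, so the
    # concatenation with extra_secret is unambiguous.
    return hmac.new(b"vappliance-disk-key-v1", instance_uuid.bytes + extra_secret, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream using HMAC-SHA256 as the PRF (illustrative stand-in for AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_disk(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_disk(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the key is wrong (the tag does not verify)."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


def demo() -> dict:
    """Run the three cases the text implies and return their outcomes."""
    # Case 1: key derived from the UUID only; the disk is encrypted with it.
    blob = encrypt_disk(derive_key(SAMPLE_UUID), SAMPLE_DISK)
    # Anyone told the UUID re-derives the identical key and reads the disk.
    recovered = decrypt_disk(derive_key(SAMPLE_UUID), blob)
    # A different UUID yields a different key, and the tag check rejects it.
    wrong_uuid = decrypt_disk(derive_key(uuid.UUID(int=0)), blob)
    # Case 2: key mixes in a tenant-held secret; the UUID alone no longer decrypts.
    tenant_secret = b"constructed tenant secret"  # constructed sample value
    blob2 = encrypt_disk(derive_key(SAMPLE_UUID, tenant_secret), SAMPLE_DISK)
    uuid_only = decrypt_disk(derive_key(SAMPLE_UUID), blob2)
    with_secret = decrypt_disk(derive_key(SAMPLE_UUID, tenant_secret), blob2)
    return {
        "recovered": recovered,
        "wrong_uuid": wrong_uuid,
        "uuid_only": uuid_only,
        "with_secret": with_secret,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The first case is exactly the weakness described above: the key is as secret as the UUID, and the UUID is something the hypervisor knows by design. The second case shows that the protection depends on keeping at least one key input outside the host's view, which is the check to make when evaluating any "the disk is encrypted" claim for a virtual appliance.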
Is this a concern? I don't know. An internet search for "hypervisor attacks" turns up thousands of hits, including this one from last year that talked about some hypervisor security tooling developed by IBM and NC State.