I think the difference is that in Linux (and most loadable module
systems), it's quite easy for an attacker to clandestinely load a
module. All they need to do is bring the .o file over, insmod it, and
then remove the .o file. The attacking module cloaks itself, and the
only trace left is in the kernel memory itself. Even that might not be
visible if the module is stealthy enough. You're in a lot of trouble
if you can't trust your kernel.
Installing a whole malicious kernel, as far as I know, requires
rebooting the machine to load the new kernel. A good sysadmin will
note when a machine reboots for no good reason and investigate. So
loadable modules make it easier to hack a running kernel. This isn't
big news, and shouldn't be considered a Huge Security Flaw. It does
give one pause, though.
It gets a bit trickier to clandestinely install a malicious module
that will survive a reboot - you have to put it in the filesystem
somewhere and ensure it's loaded at boot time. I imagine there is a
way to do this stealthily, but hacking the kernel image itself is
probably easier.