It all depends on the environment. If windows is already running on every PC in the building, it may make more sense to have these signs run windows too. You can put copies of the security software you're already paying for and allow for approved AD users to login and manage the signs. Windows is a great attack vector but there's less risk if you're in control of it versus some vendor solution that you can't audit as easily. The fact that you don't have a user going to malicious websites or plugging in malware flash drives probably reduces the risk too. If you already have 1000 windows machines on the enterprise network, what's a few more?
Having worked with these systems before, most of them are appliances meaning no, we did not AD join them or install our security software.
Windows was running because Linux was too hard for vendors.
Linux is also a PIA for non-server application.
I’ve spent several days getting my screen to stay on for a Linux driven display.