Yes, Qubes is only as secure as Xen which, itself, has had some pretty big security flaws pop up [1].
At the end of the day one has to decide what kind of trade offs they are willing to make in order to balance simple UX and security.
For Qubes 4, they are planning to deprecate the Xen paravirtual drivers in favor of the HVM drivers. These drivers are much more battle-tested and less complicated than PV drivers.
Also, with their recent foray into enterprise support, they will hopefully be able to expand their auditing efforts in the next couple of years.
And, in turn, as secure as the hardware, with ROWHAMMER giving means to flipping bits in arbitrary memory locations, including recent work showing that one VM can flip bits in another.
Also, with their recent foray into enterprise support, they will hopefully be able to expand their auditing efforts in the next couple of years.