He works for an AWS consulting company, where they promote cloud native solutions, driving cloud spend towards AWS. In many cases, managed cloud services are actually the way to go.
However, to say that serving multiple customers with Apache is "insecure" is inaccurate. There are ways to run virtual hosts under different user IDs, providing isolation using more traditional Unix techniques.
As always, "it depends" on the application. So I've worked for several B2B SaaS companies. None of them used a VM per tenant. In some cases, we used a database (schema...) or DB cluster per tenant.
I've read about the Vercel incident. Given the timeline (22 months?!), it sounds like they had other issues well beyond shared hosting.
There is a difference between a SaaS offer where you are running your code and serving multiple customers on one server/set of servers and running random customer code like Vercel.
However, to say that serving multiple customers with Apache is "insecure" is inaccurate. There are ways to run virtual hosts under different user IDs, providing isolation using more traditional Unix techniques.