Moving to KVM because of Xen's XSAs...
Moving from Xen to KVM because we announce security vulnerabilities is like moving from a western country with a free press to China or Iran because of all the bad things you hear about the government. KVM doesn't have a security response process; you may not *ever* find out about vulnerabilities discovered in KVM, and if you're a cloud provider you certainly won't be told about them two weeks before the public announcement. On the other hand, every Xen user can know that in two weeks there will be security updates they should consider applying.
BTW Linode's performance numbers are misleading; instead of comparing 64-bit KVM guests to 64-bit Xen HVM guests (which use hardware virtualization support), they compare 64-bit KVM guests to 64-bit Xen PV guests. 64-bit PV guests on Xen have known performance limitations because AMD removed the segmentation limits (which is what Xen used to make 32-bit guests really fast before hardware virtualization support was available).