most SPV clients (all clients based on BitcoinJ) only ever connect to nodes returned by the centralized DNS seeds, and there are fewer DNS seeds than Stratum servers. So Electrum is more decentralized,
We're comparing 5 seeds tracking thousands(?) of full nodes vs 14 Stratum servers... 14 > 5, and 1000 > 14—it's difficult to judge which is more decentralized IMO.
and they [Stratum servers] are also not vulnerable to Sybil attacks, which the DNS seeds are not smart enough to provide much protection against.
That's a good point, but conversely collusion among Stratum servers, with their small count, is easier (and likewise for dns seed servers).
I think it's too hard a comparison to reach a conclusion of one method being more "secure" than the other. Of course, the factoid doesn't say "more secure", it more carefully uses "perhaps somewhat more secure", so if you still think "or header-only clients" should remain, I'll just drop this