A unikernel runs a single process in a single address space. So yes, if you compromise the app you compromise the whole system, but the whole system is the app.
That's not entirely true in practice. I'm currently playing with rump kernels deployed on top of seL4's hypervisor to give my platform the security posture of a unikernel inside the security posture of seL4 VM isolation.
You could potentially compromise the rump kernel, but you still wouldn't be able to break out of the VM's isolation context.
On top of that, you don't get to reap the benefits of any of the protections you get from a proper kernel, like Ring 3 execution, NX bits on pages, guard pages on the stack, etc.
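As an added example (not part of this thread, and not anyone's project code), here is a small C program for Linux on x86_64 or aarch64 that makes two of the protections named in the comment above observable: the NX bit on a data page, and a guard page placed next to a buffer the way a stack guard sits below the stack. It uses mmap/mprotect to set page permissions and a SIGSEGV/SIGBUS handler with siglongjmp so each probe reports whether the access was trapped instead of killing the process. The function names and the six/eight-byte "return 42" stub are the editor's assumptions; Ring 3 vs Ring 0 cannot be demonstrated from user space and is left out.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Recovery point for the deliberate faults below: the handler longjmps here
 * instead of letting the process die, so each probe can report what happened. */
static sigjmp_buf fault_jmp;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

static void install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;          /* allow the same signal again after we longjmp out */
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);      /* some kernels report exec/guard faults as SIGBUS */
}

/* Constructed machine code for a function that returns 42, so a successful call is observable. */
#if defined(__x86_64__)
static const unsigned char ret42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };             /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char ret42[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov w0,#42 ; ret */
#else
#error "demo needs x86_64 or aarch64"
#endif

/* Map one anonymous page, copy ret42 into it while it is writable, then switch it to prot. */
static unsigned char *map_code_page(int prot, long pg) {
    unsigned char *page = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return NULL;
    memcpy(page, ret42, sizeof ret42);
    if (mprotect(page, pg, prot) != 0) { munmap(page, pg); return NULL; }
    __builtin___clear_cache((char *)page, (char *)page + pg);   /* needed on aarch64, no-op on x86 */
    return page;
}

/* Calls into the page; returns the callee's value, or -1 if the call faulted. */
static int try_call(unsigned char *page) {
    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);       /* data-to-function pointer without a pedantic cast */
    install_fault_handler();
    volatile int result = -1;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        result = fn();                   /* never reached if the page is non-executable */
    }
    return result;
}

/* NX: same bytes on an RW (no X) page. Expected: the call faults and we return -1. */
int call_into_rw_page(void) {
    long pg = sysconf(_SC_PAGESIZE);
    unsigned char *page = map_code_page(PROT_READ | PROT_WRITE, pg);
    if (!page) return -2;
    int r = try_call(page);
    munmap(page, pg);
    return r;
}

/* Same bytes on an RX page. Expected: the call succeeds and returns 42. */
int call_into_rx_page(void) {
    long pg = sysconf(_SC_PAGESIZE);
    unsigned char *page = map_code_page(PROT_READ | PROT_EXEC, pg);
    if (!page) return -2;
    int r = try_call(page);
    munmap(page, pg);
    return r;
}

/* Guard page: a PROT_NONE page directly below a buffer, like a stack guard below the stack.
 * Returns 1 if the out-of-bounds write was trapped, 0 if it silently landed. */
int guard_page_traps_write(void) {
    long pg = sysconf(_SC_PAGESIZE);
    unsigned char *region = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -2;
    if (mprotect(region, pg, PROT_NONE) != 0) { munmap(region, 2 * pg); return -2; }
    volatile unsigned char *buf = region + pg;   /* usable buffer starts at the second page */
    install_fault_handler();
    volatile int trapped = 1;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        buf[-1] = 0x41;                  /* one byte below the buffer: inside the guard */
        trapped = 0;
    }
    munmap(region, 2 * pg);
    return trapped;
}

int main(void) {
    printf("call into RW page : %d (expect -1, trapped by NX)\n", call_into_rw_page());
    printf("call into RX page : %d (expect 42)\n", call_into_rx_page());
    printf("guard page write  : %d (expect 1, trapped)\n", guard_page_traps_write());
    return 0;
}
```

Both traps come from the page tables the kernel programs on the process's behalf; they are what lets a corrupted pointer or an overflowed buffer die loudly instead of running attacker bytes. In a single-address-space unikernel there is no separate kernel doing that for the application, which is the point the comment above makes.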