On subject of knot-resolver and dnsmasq

Yes. One thing is that dnsmasq is in reality only forwarding to a forwarding resolver, meaning that it is only able to forward to some other forwarding resolver. It is unable to contact root DNS servers on its own. This simplifies its design, of course, and allows its developers to take some shortcuts, such as relying on the upstream forwarding resolver for DNSSEC root verification and so on. The problem is that in most cases those upstream resolvers are misconfigured in such a way that such a setup and reliance compromises DNS resolving. You can solve that by forwarding to some other resolver server such as, for example, 1.1.1.1, but in the case of dnsmasq there is no forced verification that this server is really providing you with valid DNS responses. Anyone on the path to the forwarded server can hijack its address, at least in the default configuration of dnsmasq. This is not a theoretical attack. This attack has already happened and cost some people a lot of money in cryptocurrency. Knot-resolver gives you the possibility to not rely on some upstream DNS server; it can directly contact the root DNS resolvers. It also enforces DNSSEC authentication and that way ensures that even if you are forwarding, the forwarding server was unable to change DNSSEC-signed domains. This is not just some exercise in security. If someone hijacks your DNS upstream resolver, they can replicate an old version of our packages server with known vulnerabilities. The router in such a case has no idea that something like that is happening and can downgrade packages, and that way expose a known vulnerability and open itself to attack.

The second thing is my own feeling that dnsmasq violates the Unix philosophy of “do one thing and do it right”. Having both DHCP and DNS in one program opens you to various theoretical attacks, such as denial of both services by attacking just one of them, or exploiting one service by penetrating the other one. If you found a way to hijack DHCP, it in general would allow you to control just DHCP; in the case of dnsmasq it could also give you the possibility to control DNS.

I think that this credo violates basic security principles. Being liberal most of the time means opening yourself to attacks. I am not saying that it is completely wrong, I am just saying that it can’t be applied without consideration and should not be the primary credo.