In short, the idea is that the SNS subnet only hosts SNS canisters that run wasms that have been vetted by the NNS.
Also, this SNS subnet has a higher replication factor (more nodes) than other applications subnets currently do.
These two things should provide more security for the sensitive SNS canisters. This is explained in more detail in the original design discussion that was presented here.
Please let us know if you have further questions!