They mention it later in the article; if they drop connections to internal networks from the graph, Linux shoots up all the way to 97%.

The answer is probably that people that run Linux are far more likely to run a homelab intranet that isn't secured by HTTPS, because internal IP addresses and hostnames are a hassle to get certificates for. (Not to mention that it's slightly pointless on most intranets to use HTTPS.)