A common refrain echoed around the Bitcoin community is that "BTC is more secure than BCH." This is one of those highly exaggerated statements based around an element of truth, and it needs to be debunked, because it turns out, for the majority of typical transactions, BCH is more secure than BTC.
What does "security" really entail?
There are two elements to Bitcoin security:
1. How secure are your coins sitting in a wallet?
2. How secure are your coins when you're transacting them?
The first point is easy. Nobody can steal your coins on either chain. Both BTC and BCH use secp256k1 ECDSA private keys and HD (hierarchical deterministic) wallets. Your coins stored in a wallet on either chain are equally secure. So, ironically, if all you want to do is "store value" by holding coins in a wallet, the two systems offer identical security.
The difference is the price
So this gets us to the important difference which is what people are referring to when they say that BTC is more secure than BCH: BTC has more hashpower than BCH.
First we need to ask, "why is that?" Is having more hashpower something that's intrinsic to BTC's design? The answer to that is "mostly not." Hashpower is simply a function of the size of the reward for finding a block. If BTC and BCH were to have the same payout per block, then they would have the same hashpower. A Bitcoin block (BTC or BCH) currently pays a subsidy of 6.25 coins. At current market prices (around $50,000/BTC and $500/BCH), that makes a BTC block worth around $312K, and a BCH block worth around $3120. But if BCH was worth the same as BTC, then the payout of this subsidy would be equal.
It is true that as a result of BTC's limited block space, transactors are paying an additional $10-30K per block in fees, which results in more hashpower -- which presumably wouldn't exist on BCH with its larger block size. So that's why I rate the claim that BTC inherently has more hashpower than BCH as "mostly untrue" and not "completely false."
But the take-away is that BTC's hashpower advantage is almost entirely an artifact of its extremely high valuation. If BCH and BTC had the same price, they'd have roughly equivalent hashpower.
But as we'll see, the importance of this hashpower is wildly overvalued, and the block size is a double-edged sword.
The mythical 51% attack
The reason that high hashpower is valued is that it reduces the risk of a "51% attack." There's a lot of misunderstanding about this risk, and I want to clear up some misconceptions.
A miner who commits a 51% attack is very limited as to what they can accomplish: they can use their hashpower to reverse previously-confirmed blocks; and they can censor transactions for as long as they control the majority.
What they cannot do, among other things, is steal your transactions, mint additional Bitcoins, steal your coins, or "blow up Bitcoin." This article is a good summary of the history and risks of a 51% attack. Such attacks are incredibly rare, and more importantly, almost everyone is safe even during an attack. Unless you are sending or receiving a transaction at the time the attack occurs, and unless you're the specific target of the fraud, your coins are still safe, even during an attack.
So when you send or receive Bitcoins, the odds of the transaction being reversed or censored are perishingly small. In the real world, these attacks practically never happen, and the target is almost always an exchange. If you aren't an exchange, or some other major whale who regularly receives vast sums, it's practically a given that your transactions are safe from a 51% attack - even during an attack, which almost never happens.
Where BTC shines
So here's where BTC wins hands-down. BTC can unquestionably argue to have greater security when large sums need to be moved quickly. With a block payout of ~$330K per block, BTC is capable of adding around $2M worth of hashpower every hour. If you need to receive $20M, and the sender is willing to pay the fee needed for fast confirmation, no chain is better suited than BTC. (Note that it's the recipient, not the sender, who incurs the risk here. The sender cannot lose his funds: they either go to the recipient, or are returned eventually.)
Note that, if the sender and recipient are willing to wait, then they can use a lower-hashpower chain like BCH, and the same $20M transaction will eventually have the same $2M of security as one hour of BTC confirmations. Where BTC shines is when large sums need to confirm quickly.
Are you one of the people lucky enough to be concerned that your $20M in funds arrives promptly and safely? Then BTC is absolutely for you.
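The wait-time trade-off described above can be worked through with the article's own figures. This is an added example, not part of the original article; it assumes a 10-minute block interval on both chains, a $20K midpoint for the BTC fee premium, negligible BCH fees, and that cumulative miner revenue is a fair proxy for the cost of redoing the work.

```python
import math

BLOCKS_PER_HOUR = 6  # assumption: 10-minute target interval on both chains


def block_value(price_usd, subsidy_coins=6.25, fees_usd=0.0):
    """Dollar value a miner earns per block: subsidy at market price plus fees."""
    return price_usd * subsidy_coins + fees_usd


def confirmations_needed(security_budget_usd, value_per_block_usd):
    """Blocks that must be mined on top of a transaction before the cumulative
    miner revenue (proxy for the cost of rewriting them) reaches the budget."""
    return math.ceil(security_budget_usd / value_per_block_usd)


def hours_to_wait(confirmations):
    """Expected wall-clock time for that many confirmations."""
    return confirmations / BLOCKS_PER_HOUR


# Figures from the article: $50,000/BTC, $500/BCH, 6.25-coin subsidy,
# $10-30K of fees per BTC block (midpoint used here as an assumption).
BTC_BLOCK = block_value(50_000, fees_usd=20_000)   # about $330K
BCH_BLOCK = block_value(500)                       # about $3.1K

# One hour of BTC confirmations is the article's "$2M of security".
ONE_HOUR_BTC_BUDGET = BLOCKS_PER_HOUR * BTC_BLOCK

if __name__ == "__main__":
    for name, value in (("BTC", BTC_BLOCK), ("BCH", BCH_BLOCK)):
        confs = confirmations_needed(ONE_HOUR_BTC_BUDGET, value)
        print(f"{name}: ${value:,.0f}/block, {confs} confirmations, "
              f"{hours_to_wait(confs):.1f} hours to reach "
              f"${ONE_HOUR_BTC_BUDGET:,.0f}")
```

Under these assumptions a BCH recipient would wait several days for the same cumulative work that BTC accrues in one hour, which is the "eventually" in the paragraph above.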
Where BTC fails
But if you aren't an exchange, and you're receiving tens, or hundreds, or even thousands of dollars; and the sender isn't willing to pay the significant fee needed to make sure your transaction arrives quickly with high confidence, then you're in for a very rude surprise: BTC is arguably less secure than BCH. And here's why:
As of the time of this writing, it's been two months since BTC cleared its mempool. The BTC queue of unconfirmed transactions is over 150MB. For the better part of this period, transactions that paid even $5 in fees have been stuck for days or weeks. Currently, https://bitcoinfees.co/ is estimating that to get a transaction confirmed in the next hour will cost $12 in fees (up from $6 in January). We have every reason to expect that required fees will only go up, not down. Worse, low-fee transactions stuck in the mempool are getting dropped completely.
Meanwhile, BCH clears its mempool dozens of times daily; usually 5-7 times per hour.
Complicating BTC's situation is the fact that BTC employs a dubious feature called "RBF" or Replace-By-Fee. The purpose of RBF is to be able to "upbid" your transaction fee in the event it gets stuck. But it can also be used to "unspend" (or double-spend) your unconfirmed transaction by sending it back to yourself. So on BTC there's a high risk that an RBF transaction can be reversed before confirmation, which itself could take days or weeks - and a worse risk that a non-RBF transaction will get stuck and never confirm.
It's important to note that RBF exists because congestion on BTC is not by accident, but by design. Any blockchain might experience congestion due to bursts in activity and the inability of current hardware / software to keep up, but among the thousands of crypto assets, only BTC has made the overt decision to intentionally limit the system far below its theoretical capacity limits in order to force a backlog. So this isn't some kind of anomaly that will go away on its own, or capacity issue that developers are currently tackling, but actually the intended design of the system.
Let that sink in.
So which is more secure?
We need to balance two competing issues.
1. What is the probability that a confirmed BCH transaction gets singled out for reversal by a hypothetical 51% attack - which itself has practically never happened in the history of crypto, vs.
2. What is the probability that a BTC transaction never confirms, or is reversed, during periods of congestion which frequently happen and in fact are by design?
I'm sure that someone more skilled in economic analysis could reduce this to a formula, but any layperson should be able to recognize a fact: for "average users" paying a "real world fee" who aren't urgently moving vast sums of money, BCH transactions are much more likely to confirm quickly without reversal or failure than BTC transactions. And on the blockchain, confirmations = security.
A thought experiment
Let's say I told you that SomeCoin was experiencing a 51% attack by miners who were censoring transactions to extort money. The attacking cabal of SomeCoin were demanding a minimum $12 fee for transactions; otherwise, it gets dropped.
How is BTC fundamentally different from a coin that is experiencing a sustained 51% censorship attack?
So to summarize an answer to the question, "are BTC transactions really more secure than BCH transactions," the answer requires a question:
1. Do you receive very large payments that need confirmation in under an hour from senders who are willing to pay the high fees needed for fast confirmation? For this, BTC is without a doubt the most secure blockchain in the world.
2. Do you receive very large payments that don't need fast confirmation? Are you willing to wait longer for more confirms? For this, BCH offers equivalent security for a lower fee, but is slower.
3. Do you receive human-sized payments that need reasonable confirmation in an hour or so from users who won't pay unreasonably high fees? For this, BCH is unquestionably more secure.
Most people are not whales. Most people are not exchanges. Most transactions are not for vast sums.
For typical people making typical transactions, BCH is the more secure blockchain.
Here's an additional argument against 51% FUD:
By design, miners are married to the algo they bought hardware for. They can't stop mining, ever, because the ASIC hardware can't be repurposed and you have to return that CAPEX. As a consequence, the success of ALL coins with the algo is in their best interest, because it's the TOTAL block reward from all coins with that algo that pays them. Not just 1.
The revenue maximization means you allocate your hash-power proportional to the market value of block rewards. If you "attack" any coin, it would reduce the total block reward value so what's to gain? Even if a single miner would be stupid to try it for some ideological reason or shorting attempt, other miners know where the money comes from and they could re-allocate the hash-power from other coins and mine sub-optimally for a while in order to defend that coin i.e. a future income stream (they'd likely still be making money while defending the coin, just less of it than in the optimal allocation).