The same is true of P2SH addresses. There are a much smaller number of script hashes than there are of possible scripts. Any script which hashes to the same value as your multi-sig set up will be able to unlock the coins contained on that address. So technically speaking multi-sig addresses are just as vulnerable as non-multi-sig addresses to an address collision, but since an address collision will not happen before the extinction of the human race, I wouldn't worry too much about it.
I'd say the # of people trying to hack p2sh scripts by finding collissions is a far smaller subset of folks than those trying to hack bitcoin private keys. There probably arern't any at all. It all has to do with the risk:reward ratio.