As a result, they asymmetrically benefit from CPU-only coins as a mechanism to monetize stolen computer access.
This only applies if mining is clearly more profitable than any other activity.
Well - I'll stand by my phrasing while agreeing with your higher level point.

Botnet wranglers have an advantage over "normal" miners, and if they're not a dominant fraction of the mining that's happening, they should be able to mine with a comfortable profit while everyone else's net profit is driven to (close to) zero.
But absolutely: Botnets face the same decision of what to do with their resources, and they'll only mine if there is not some other more profitable activity that doesn't require the CPUs and/or if the mining activity does not so increase their chance of detection that it's a net loss compared to more profitable activities such as spam, keylogging, etc. I suspect that in practice, the latter is the real limiter, since many of these activities do not consume massive amounts of CPU and could in theory be performed concurrently. Slow, hot computers make people think "eek, virus!" which is close enough to the mark.