OmniNerd posted a rather lengthy article comparing various default installations of most modern operating systems (released in 2006, I think) using nmap and nessus to determine the vulnerability of said distributions to remote attacks. While simplistic in assessment and lengthy in discourse, the biggest takeaway I got from this article in my brief skim aligns with what I believe anyway. Operating systems have weaknesses, strengths, and problems, but ultimately it is a knowledgeable and diligent admin that makes a system secure (or more secure, if you will), and normal users can turn an OS into swiss cheese very easily.