Mark Cox has some very good statistics up comparing RHEL3, FC3 and Windows, Linux consistently had lower number of days of risk as well as an overall lower number of critical flaws (by Microsoft' own standard).
His blog can be found here and is regularly updated with security statistics and information:
http://www.awe.com/mark/blog
Looking at the numbers, free software beats closed software hands down when it comes to security in every study I've read (except those sponosored by Microsoft for some reason).
That being said we are only better than an absolutely terrible option, that doesn't make us good - the best distro from a security stance would probably be Fedora Core with SELinux turned on as they currently are the only mainstream distro to deploy proactive security.
Bookmarks