Early on, Mac OS 9 suffered greatly from viral infections. This was due to some of the same sort of things that seem to plague the Windows world, where 'objects' could 'come alive'. In particular the Resource Fork of the old Mac OS file system ( and still has some existence in Mac OS X), was the usual pathway. A 'Resource' could contain code, and would often be executed at various times, such as start up when the OS is first bringing up the disk and filesystem, or when an Icon was double clicked, or similar.
Everyone claims the mac is safer but realisticly isn't it less safe because most people on a mac are not as cautious as pc users.
In the case of actual 'Resource' fork issues, those have become very 'minimal' because now most people do not run the Mac OS 9 environment and Mac OS X applications usually only use the Data Fork, ie. 'dead' data.
Of course there may be other ways to get at a Mac OS X system, bogus 'applications', or 'email attachments'... however, it does require that someone have a Mac and create the appropriate binaries to do this. Since the Mac is less popular, there are fewer individuals engaging in this entertaining pasttime.
The same holds true for the various methods of accessing control via 'wyrd' TCP/IP port actions. One may be able to 'crash the listener', but then the code that's on the 'stack' is probably not PowerPC code. And even with the Intel processors replacing the standard Mac line, the OS and system calls required are completely different from the Windows, so there is less activity because of the lower numbers of users.
Mac's suffer just as much from potential holes, such as cookie/javascript/java-applets, etc. as the Windows equivalents.
To sum up, Macs are relatively 'safe' because the number of people who want to do damage don't have Macs typically.
The problem centers around the need these days to have really niffty 'active' widgets, which do things, rather than requiring a program to be run which 'does things'. Hence, evil doers can take advantage of that 'ease of use' feature, and create havoc.
If for example you had to go to the command line, and run the 'editor' program to 'view/modify' a dead text file, unless the 'program' has been replaced, you have a high, almost infinite confidence that no evil will come. On the other hand, having the ability to 'double' click an Icon on a desktop that 'automatically' configures things for your convenience, there is a much higher likelihood that something could be inserted into the process which will do damage... including oversights by the OS manufacturer... oh, that could never happen... no, no, no... never...
