Open Source: A False Sense of Security? …when the Code Red and Nimda worms chewed their way through hundreds of thousands of unpatched Microsoft Internet Information Services servers last year, Apache users sat back and smiled, believing nothing like that could happen to them.

Then it did.
http://www.eweek.com/article2/0,3959,562220,00.asp