Mornse is totally right. As long as the sysadmin keeps up on whats going on on his box, keeps permissions about right, gets security updates every once in awhile, and keeps tabs on his users, then it can be pretty secure. Of course we're talking about NT based, because there is no real security with 3.0-ME.
Linux can be very secure as well, because you can usually see exactly what a program that you run is going to do, the best webserver for linux/unix is MUCH more secure than IIS will ever be, and there are other reasons.
However if you want to talk about secure, it's ALL ABOUT OpenBSD. OpenBSD has got to be one of the most, if not THE mose secure OS there is. Basically, it comes with nothing, so there's nothing to exploit. Just install apache or whatever you're serving, and go.
My Slackware box is pretty secure, except for the fact that I've let users get a little out of control (which will change after this little hacking contest is over) but I only keep 3 ports on my box open...so that cuts down A LOT on what people can do.