Well, from what i understand one of the biggest problems with it is that it was derived from some older version of unix that didnt get all the good and more recent security fixes.
I was surprised a couple of times yesterday while doing some googling for baby toys to hit some goofy sites that try to invent their content based on your search, that my virus scanner picked up and stopped trojan/exploits that appeared on the pages. Havent had that sort of thing too much over the years, usually just stuff when I'm downloading 'questionable' applications and other executable content.
I wish they'd just make doing this stuff a basic felony and make it easy for people to report it for prosecution.