and I quote from the Forum in that web site
"A common excuse put forward for the many security holes in Microsoft's products is that they are only found because of their large market share. A comparison of Apache with IIS demonstrates the fallacy of that theory. Microsoft's IIS has around a 27% market share, while the open source (and free) Apache server has over twice that (as measured by number of sites served). So, according to the 'large target' theory, Apache should be the focus of crackers attention. But it isn't so. As we know, IIS has been breached by an unending series of Windows' viruses and worms with Microsoft acknowledging 40 security holes in the first 7 months of 2001 alone. The number of significant security issues with Apache can be counted on the fingers of one hand."
You know math by the way right?