There's a few people on this thread who are far more qualified to answer than me, but.
I use exclusively Linux, at home and for research, basic numerical modeling type stuff on clusters. It's the fundamental design of the system (based around a Unix model, I think) that makes it safe. That said, there are things you can do to make it unsafe. There are known risks out there for it.
As for the small target scenario, yes that is most likely a factor to a point. There's nothing like having all the attention and effort focused on one system type to be able to bring out any possible vulnerabilities.