Compared to XP, where most people tended to set up their account as an administrator, a Unix-like system (which includes both Linux and Mac) is normally configured with a fairly rigid partition between the root account and a user account, so a malicious payload wouldn't be able to modify any critical system files. It might compromise the user account if the user had a few executable files in a local directory, but not the system. There are exploits that can give an escalation to root privilege but they're not common and usually require local access to the machine rather than a dodgy email.

Part of the perceived safety is simply because there are a lot less bits of malware targeted at the less popular operating systems. There's also the fact that much of the Linux ecosystem is available as source code, and has plenty of peer review which makes it harder to smuggle something in.

Windows is vulnerable because it tends to try to make things easy for the user, automatically performing tasks to save the user from having to do them. Most of these have been subverted at some point, where the user thinks one thing is happening when in actual fact a malicious program has been started which may eventually get around to doing what the user expects to see, but will first set itself up to do nasty things. Windows 7 is a big improvement on XP, because Microsoft got its ar*e kicked over poor security and got its act more together.