^ If you can provide me with your email address, I can do better than citations; I have facsimilies of emails and memorandums sent during my tenure with Apple. I would post them online, but past attempts to do so resulted in the images being taken down and any account associated with the image banned.
We were under strict policy at that time to censor all mention of Mac malware, and in infected systems we were able to clean, we reported to the customer that the "virus" symptoms were in fact caused by a setting the user may have unwittingly changed, and that the Genius Bar had rectified that.
Windows XP, when brought up to date and is used behind a firewall, is much more secure in a corporate setting than Mac OS X Lion likewise at the latest point update and behind a firewall. It was unfortunate that Steve Jobs' death came just as Lion's remote intrusion, LDAP and other vunlerabilities were discovered, and news of the former overshadowed the latter.
Prior to Lion, the very architecture of Mac OS X was what made it insecure, albeit its lower market penetration was what made it safe. I encourage you to set up a small network of Windows and Linux PCs and monitor it via Wireshark. Then connect a Mac and see what changes occur over the network. While Mac OS X is loosely based on the very secure BSD, for some reason the Mac will randomly broadcast and attempt to intercept packets not destined for it. If someone released a rogue/orphaned packet in the network, or the Mac was connected to the Internet without a firewall or a NAT router, it would be highly susceptible to intrusion... hence very much insecure, but until now, the lack of interest in compromising systems with low marketshare and lower enterprise value is what made the Mac safe.
Snow Leopard post 10.6.6 is much more secure than Lion at launch, although I have not kept up afterwards. Most of the articles I've been reading have been published by Symantec, Kaspersky, TrendMicro and F-Secure. By the way, my earlier comment about Lion infections surpassing that of PCs was meant for detections made in the same period of time, not in total/throughout history.
I've heard of Flame, and like Stuxnet I believe it was a government sponsored project that probably won't affect me. I don't agree with that practice, especially if the source code was somehow obtained, but neither does its existence make Windows less secure than Mac OS. Security is about the architecture of the OS; safety is about its likelihood of being attacked.
Operating systems in general, from the most secure to least, are as follows:
1. BSD and other closed-source UNIX operating systems
2. corporate distributions of Linux (eg. Red Hat)
3/4. Windows (Vista and later) and public distributions of Linux (eg. Ubuntu, Mint)... they leapfrog over each other in terms of security, but Linux is often the safer choice.
5. Mac OS X (terrible architecture as I've touched on above)