I agree with you. Using OSS doesn't mean that you will have no software vulnerabilities, but when was the last time you heard a major news story about a Linux based virus?
The sad thing is, more widespread, high profile (eg government) deployment will likely increase the amount of those news stories. Until now attacking desktop Linux with viruses was simply not worth it.
