As a security consultant, I'd have to disagree. MS's code is significantly less secure than its competitors.
MS's development strategy is always to "let the computer do the work". In other words, they consistently move in a direction in which code gets bloated etc, but features can be added easily. This is a much different approach than the traditional UNIX squeeze-it-to-the-last-bit mentality. MS's approach is not inherently bad: they have produced, in many areas, but especially the most external ones (UI for instance) very rich features. It's just their focus is on the externals, not the internals.
What's more, they are very focused on integrating the Internet with the Windows desktop. Thus, IE and Outlook are very integrated with each other and with the Windows system, much more than let's say Opera and Eudora. So there is a lot of interaction between these components, and thus greater potential for vulnerability. IE is designed to easily run mobile code on the system through a variety of ways (like ActiveX) - it's hard to get Opera to do the same.
I don't directly fault MS on these decisions. It's a question of which is more valuable to the user (consumer): rich featureset and UI, or internal robustness. Integration or privillege separation. People vote with their pocket books, and so far, people have voted for MS (although that is beginnng to change...).
What I must blame MS for, and quite admantantly at that, is their arrogant, and even down right deceptive, attitude towards security. Whereas most other companies attempt to publicize security issues (Netscape, for instance, will give you a reward if you find a bug), MS does everything it can to downplay them. Every advisory they release has a big section called "Mitigating Factors", where MS tries to convice you not to be scared. Some of the "factors" are outright ridicuolous if you read them! Why do they do this? Shouldn't they be trying to convince people of the need to patch, not the other way arround!
They also refuse to give credit to the discoverer if they don't like them. I know of no other company that does this! The recent critical update to all Windows (discussed on WebmasterWorld), for instance, was discovered independently and released via iDEFENSE (an security company, not related to my company [qDefense]), and reported to MS, yet MS refused to credit them.
And, with MS being by far the least secure platform, they have the audacity to advertise the security of windows as a feature over other platforms. It's the ol' if-you-lie-enough-they'll-believe-it plan. (But at least here, it doesn't seem to be working - Windows is getting a well discovered reputation for lacking security)