Looking at the hacker contest link - http://rm-my-mac.wideopenbsd.org/ - it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine. So this test was totally bogus for purposes of evaluating security for the average Mac user.
You said -- "... it turns out that the machine's software was heavily modified, and much of Apple's standard software was replaced with non-standard versions (e.g. the Apache web server), and LDAP was wide open to allow anyone to add an account to the machine."
I've read some comments on that article that say that Microsoft is putting certain people up to misleading the public by doing these kinds of "fake tests" to introduce FUD into the discussion.
I hear that they are starting to fear the massive changeover of previous Microsoft users to the Macintosh.
And also I have read others who say that the Anti-virus companies are also behind a lot of this FUD.
Actually, that makes sense when you see the "over-hyping" of a lot of these kinds of things and also how well Apple responds to a lot of these minor inconveniences (which are not major exploits at all).
I would say a lot of people are out there just trying to stir up the pot -- more or less.
There aren't really any big issues with Macintosh Security on OS X. It's a pretty solid system and works *extremely well* for the average user -- which most of us are. It sure works a lot better for that average user than the Windows systems do.
Regards,
Star Traveler