Those of us who use Linux regularly have to guard against our tendency to think that with regard to security we’re bullet-proof. No such thing when it comes to any computer connected to the Internet, is there?
The largest threat is social engineering. A well-hardened/secured Linux box is much more secure, technically, than a Windows box.
In fact, I've set up all our new builds here at work so that no user (except one account) can become root--even if they know the root password. They can run a limited subset of commands as root (to enable them to do their jobs), but they cannot become root, and they cannot edit important configuration files as root--though they can edit other files as root.
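One way to build the kind of setup described above using `pam_wheel` and a sudoers allow-list, as an added example that is not the poster's actual configuration. The group `ops`, the account `sysadmin`, the group `suallowed`, the nginx service and all file paths are assumptions.

```sudoers
# /etc/sudoers.d/ops   (edit only with: visudo -f /etc/sudoers.d/ops)
# Constructed example: every user, group, service and path here is assumed.
#
# Companion PAM line (assumed), placed in /etc/pam.d/su so that only members
# of group "suallowed" may use su, even with the correct root password:
#   auth  required  pam_wheel.so use_uid group=suallowed

# The single account that may become root.
sysadmin ALL = (ALL) ALL

# Commands the ops group needs for its job, with fixed arguments.
Cmnd_Alias OPS_SVC  = /usr/bin/systemctl restart nginx.service, \
                      /usr/bin/systemctl reload nginx.service

# Files ops may edit as root. sudoedit copies the file, runs the editor as
# the invoking user and writes the result back, so an editor shell escape
# does not run as root. Important files (sudoers, PAM, sshd_config) are
# protected simply by not being listed.
Cmnd_Alias OPS_EDIT = sudoedit /etc/nginx/nginx.conf, \
                      sudoedit /etc/nginx/conf.d/site.conf

# Weak form, shown commented out for contrast: a deny-list on top of ALL.
# Copying a shell to a new path, or any allowed program that can spawn a
# shell, gets around the exclusions.
# %ops ALL = (root) ALL, !/bin/su, !/bin/bash, !/usr/bin/vi /etc/sudoers

# Allow-list form: only the listed commands run as root.
# noexec stops an allowed command from executing further programs on
# systems where sudo's noexec support is available.
Defaults:%ops noexec
%ops ALL = (root) OPS_SVC, OPS_EDIT
```

Running `sudo -l -U <user>` as root shows the effective rules for an account, which is a quick check that nothing broader than the allow-list applies.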