I don't see this trend reversing itself any time soon...

???
You posted a correction to say that the Windows default with SP1 is "secure"
???

Try running nessus or even nmap against it.
Try referring to NSA guidelines for securing a windows 2003 server environment.
http://www.nsa.gov/snac/downloads_win2003.cfm?Menu ID=scg10.3.1.1

Or read some of the SANS whitepapers:
http://www.sans.org/rr/whitepapers/windows/

Windows machines can be hardened to a degree, but never as much as it's possible to harden linux or bsd's because they can be streamlined much much more by tossing out all of the unused components and modifying the components you do use to be slightly nonstandard and less succeptible to known attack vectors.