There's always a tradeoff. Windows and Linux can be locked down fairly well but you usually end up wanting to install programs of dubious origin. High-profile Linux distros with security-conscious maintainers are good choices, like Fedora or Debian.
I wouldn't touch Arch with a ten-foot pole. A combination of disastrous design decisions and maintainers that don't take reports of security vulnerabilities in default package configurations seriously has really soured any love I had for the distro once I got past the obnoxious fans and overtly hostile user experience. Arch is the only distro where I've made bug reports for security vulnerabilities and gotten asinine responses like "users should only install this package on trusted networks."
The train of thought here is that less common == smaller exposure, therefore less likely to be a target. Also, your statement isn't entirely true; for example, OpenBSD, albeit not being a Linux distribution, is a project orders of magnitude smaller, yet with equal, if not greater, focus on security.
Less common = smaller number of victims for the same attack.
The attacker has to make it work for the software combination one is using. That's more rewarding if more people use the same software.
Which OS do you use/prefer for better security?