it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years
This is a terrible non-sequitur. Microsoft has made enormous gains in recent years, but only because they were so far behind to start with. It's like saying "Person A ran the 10th mile of the Boston marathon 2 minutes faster than Person B". It's problematic for two reasons. First, it doesn't actually tell you who was ahead at the end of mile 10 unless you knew where the runners were at the beginning of mile 10. Second, it doesn't tell you anything about where the runners will be relative to each other after mile 15.
People should choose a platform based on their productivity requirements instead of purely security.
People should choose a platform based on all of their requirements. Often compromises do need to be made, because there is never a system that does exactly what you need. It's important to be able to identify which needs you are willing to compromise on, and which you are not. If your users can accomplish their work at all, that is a problem. If their work becomes a little more difficult because of the extra security measures, you have to decide whether that's an acceptable trade-off, and at one point the line should be drawn.
Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux.
Have you determined how the machines were compromised? Generally speaking, Linux web servers are most likely to be compromised through attacks on third-party software such as phpBB. If you switch to Windows and keep using the same third-party software, you haven't really improved your situation. This, by the way, is where people often get into trouble when assessing requirements. Many people will say "I need an OS that will allow me to run software X", rather than saying "I need a platform that will allow me to perform task Y". By improperly assessing their requirements in the first place, they limit their options in the long run, and in the worst case, they may have restricted themselves to a platform with inherent flaws.
If you're really looking for the most secure software, look around and see what other people who demand security are using. The NSA uses and has contributed heavily to SELinux. I believe that OpenBSD has similar high-profile users/contributors, although I don't remember any off the top of my head.
Above all, though, it's important to remember that security is a process. Any system can be made secure with enough work. Any secure system will not remain so without continued work. And finally, the most difficult part is also the most important: The user is almost always the weakest link.