So what where the difference between the original Mac version and the same code ported over to Windows, which in theory should have simply replaced the OS specific calls? First the Windows port changed the default download location to the desktop, despite the fact that Windows has a downloads folder just like Mac. That means files get deliberately dumped all over the desktop until the screen is a mess. That's a minor thing though it does help make Windows seem cluttered to the average user.
The major change was they removed the code that marked downloads as untrusted. So when a hostile website silently saved an executable file called Safari.exe (directly to the users desktop) there was no untrusted flag. No other browser on Windows works this way; IE, Firefox, Chrome and Opera all mark downloaded files as untrusted to prevent them from being accidently run without a user notification. Safari on OS X marks downloaded files as untrusted so that users are shown a notification. But the port removes this basic functionality. And taking away that safe guard makes it a lot easier for malware to be installed on Windows when a user is browsing with Safari - not just the Safari specific exploit that silently downloaded files, but also the wealth of executable malware that likes to pretend to be a legitimate file (such as websites that attempt to give users an executable file in lieu of a promised video or torrent download)