I went to one of these Top 10 CS program schools (for a graduate degree) and you can tell a lot (probably even the university) by the fact that the CS Department was in the Applied Physics and Math building. It has a lot of math and theory. There are a ton of theory classes. Plus there are SOMEWHAT more practical class in OS's, AI, natural language processing, neural networks, interface design/human factors depending on your interests. All have a huge component of the theory though so that you aren't just learning about Unix/Linux from an OS perspective, but you are learning the theory and rational behind various designs. e.g. you might learn about the Mach kernel versus the BSD kernel but with much focus on why certain design decisions are made and how that impacts performance and the like.
For example, you'll learn about CPU design and trade-offs there. You'd learn about Flynn's taxonomy and various examples of them, but you wouldn't just learn a particular implementation of a MIMD machine with nothing else.
Now we did not have a specific class in security, but it was a huge concern in the OS classes regarding processes, stack etc, and in the hardware classes for CPU memory protection and the like. Ditto compiler classes where you would have the compiler (or tools tied into it) to do verification or bounds checking etc. Even the the Theory of Computation classes it was touched upon in the NP/P discussions (Thanks Christos Papadimitriou). We discussed viruses, worms (the Morris worm impacted everyone Nov of 1988) and other malware (and this was 1988 and 1989) and best practices in terms of hardening the OS and applications so that they weren't (hopefully) vulnerable. Certainly a lower level than at the browser level, but the security discussions were wrapped into the appropriate classes so that you were made aware of the issues when appropriate.
Would a high level overview be appropriate now? Perhaps. I am not convinced though that it should be pulled out of the individual classes since I don't see that there is one "theory of security" that applies to all areas universally and it might be better discussed where it is appropriate. Maybe it would be useful, I'm just not convinced yet.
The point being that you are learning the foundations and not having it like a trade school where they get you a Microsoft certification - and there is NOTHING wrong with that, btw, it is just a different focus of what a particular program would be. Sure you can code and you know doubt know a lot about Unix (or derivatives) since you are using them, but the focus isn't on a set of skills for a particular OS or CPU. You are learning so that you can go to Microsoft, Apple or wherever and help them decide on the best way to implement something to accomplish a particular set of goals.