Let's say I write a program that erases your entire hard drive in one click, and I label it "Hard Drive Eraser" and upload it to Download.com. Legitimate, not malicious, not a security threat because I clearly state what it does, correct?
Now let's say I take the exact same program, but label it "Adobe Flash Updater" and email it to grandma and tell her she needs to install it to watch a video on the web. She trusts me, runs it, and her computer gets wiped. Is it OS X's fault that this happened? Does it mean OS X has weak security?
Nope. But things could be improved this way:
1. Apple creates a walled garden environment with the Mac App Store where only Apple-approved programs go up (similar to iOS).
2. By default, OS X would not allow installation of non-App Store programs. But there would be an option in the system prefs that disables this and allows any code to be run. It'll be fairly easy for computer-savvy users to find, but for newbies it will require some effort. So when they next visit an infected page that tries to get them to install a fake update, the program will not run at all.