Net Marketshare aggregates data from a very large sample of well-known websites. AFAIK, it sets the standard for this type of service.
Machines not connected to the internet are most likely missed by this type of market share statistic. But your estimate of "hundreds of thousands" in your company alone seems like hyperbole. But I can see your point. With the Intel switch, many Mac users most likely upgraded. These two factors (LAN-only machines and low PPC usage) most likely put the number at around 55 million.
So, 55 million probably does represent the number of users given all the other confounding variables presented in my previous post.
In relation to LAN-only machines, all machines on the network are exposed to malware as long as one machine on the network is exposed to the internet. I doubt that not a single machine is connected to the internet in your company. Sophisticated malware in the wild shows that this is true.
I do agree that market share affects the prevalence of unsophisticated malware, such as MACDefender and its variants, that requires a lot of user interaction to install. This type of malware will always be an issue on any OS given that it does not rely on any vulnerabilities to function. But it can also be easily avoided with a little bit of safe computing knowledge. There is only so much the software vendor can do to keep users safe given that AV software and other security systems that rely on database systems of known threats are not 100% effective.
The ease of exploitation is the primary factor in the prevalence of malware infections that require little (just visiting a website leading to exploitation to system level) or no (server-side remote system level exploitation) user intervention. Many of the malware issues of Windows are due to XP admin accounts not implementing DAC; not implementing DAC allows system level access without privilege escalation included in the exploit. A client-side exploit hosted on a web site is able to install a rootkit without privilege escalation in XP admin accounts. The same issue with AV software applies here, but in this situation the user has no defence.
The low rate of privilege escalation vulnerabilities and using DAC by default have insulated OS X from this type of more sophisticated exploitation. Macs are further buffered from these threats because Windows XP is such an easy target.
If you look at the trend of privilege escalation vulnerabilities in OS X per year or OS version, the volume of privilege escalation vulnerabilities has been dwindling over time. Lion is about to be released and Snow Leopard only had 2 privilege escalation vulnerabilities. Not all vulnerabilities are exploitable. And, one vulnerability was in a no longer used system call that was fixed by removing it from the OS.
It is not that no one is looking for these vulnerabilities. This type of vulnerability is used in iDevice jailbreaks. Most of those vulnerabilities used in jailbreaks are not found in OS X. Why? Different architecture with different security mitigation implementations (NX, ASLR, ProPolice)? New drivers for new hardware implementations? I don't exactly know why.
The inverse is true for Windows. With each new OS release, the number of privilege escalation vulnerabilities increases. A majority of these privilege escalation vulnerabilities are related to other vulnerabilities that have been used in exploits in the wild and proofs of concept. Again, not all vulnerabilities are exploitable, but the higher volume of these vulnerabilities increases the likelihood that some will be exploitable. Is the increased rate in these vulnerabilities due to UAC being a newly implemented privilege separation mechanism so the bugs are still being worked out (when compared to similar systems in OS X and Linux)? Is it due to the Windows registry leaving kernel-mode drivers more exposed to attack (this makes sense)? Again, I don't exactly know why.