Windows 2003 is way more secure than the Window servers that came before it. Keep in mind it still sucks in many ways, especially when compared to any other internet operating system. The biggest problem is IIS which is total crap. Linux is more secure, although there are still things you can do to it to make it more secure after most default installs. In general it has 1/10 the problems of Window servers.
Well I would still go with NT or 2000 over 2003 if I had to. I never ran IIS on a Windows server after a few early incidents so maybe my experience comes from removing IIS which to me is useless. I mean if I can break into it, then imagine what a real hacker who knows what he is doing could do. so I always stuck with Apache on Windows if I HAD to use Windows and getting asp pages to work with Apache isn't the easiest but once configured works fine. Given the choice I always went OpenBSD (with A LOT of help) or Slackware and most of my work places have used AIX. Now I use BLAG and try to get workplaces to do the same. I found that since I got myself a MacBook Pro I haven't had the need to use Windows at all. The 1% of times I need to check IE renders a page properly I boot up Windows inside OS X. I can do that with BLAG too :)