The security argument between the two isn't a very compelling one. They've both had their share of problems, though it is true that 1.3.x has had longer in the field for people to find these problems.
The main benefit to running Apache2 is that it contains (supposedly) no legacy NCSA code. It also has different server mpm models, depending on how it's built that IMHO are better than prefork (i.e. worker).
The reality of it is that unless you have some really strange software requirements, or run a *really* busy website, either one will serve you just fine. I prefer 1.3.x personally, but I have both installed on servers throughout the net.