It's an extremely common and foolish mistake to assume that all Linux distros (or any OS, for that matter) is "secure out of the box". The only one I've see come close is OpenBSD, simply*
because everything is turned off by default (other than OpenSSH). I suppose maybe some others, like Plan9 and.. Eros is it? are pretty secure by default, too. Any way, I digress...
From my experience, Mandrake does a fair job of being relatively secure, but ONLY
if you select a high security level during the install (it will ask you what security level to set to, the default is too insecure IMHO). Even though it uses some lock-down scripts, Mandrake still installs a lot of bloat so I wouldn't really consider it in any way a "secure distro".
There are various different distros that claim to be "Secure Linux", so check out www.distrowatch.com.
A quick search turns up Trustix, Immunix, EnGarde, etc... YMMV.
Actually, there's a lot more to it than that, but that is the easiest answer.