System security is mainly dependent on the system administrator. A misconfigured Linux/BSD box could be more vulnerable than a default install of Windows Server 2003 w/o any service packs. Vulnerable third-party programs can also lead to a compromise of a system, regardless of whether it is Windows or *nix. If you want to learn about Linux security, view the sticky Security references thread.
IMO, locking down Linux/BSD is much easier than trying to lock down Windows; I'm referring to using the built-in mechanisms & features here and not third-party apps. Windows Server 2003 is a more secure OS (that I am aware of) compared to the previous incarnations of Windows 2K/NT, but would you trust a Windows machine, with a GUI & other unneeded services running, to act as a firewall for your network, or would you trust in a *nix OS like OpenBSD/Debian, which can be stripped down to the bare essentials and includes an advanced firewall in the box? As for the best distro to use for servers, use whatever you are familiar with. If you really want a recommendation, try Ubuntu Server or CentOS. Personally I would go with Debian or FreeBSD.