A few weeks ago, Cydia demonstrated how this was false by using a PDF vulnerability to jailbreak iPhones. If, instead of jailbreaking, the code had had a nefarious payload, hundreds of thousands of iPhones could have fallen prey to it. Maybe they do, actually, who knows. If I owned a network of millions of comprimised iPhones, I would not brag about it, would you?
Your "factor of security" is actually a false sense of security. At least those guys who use Android know they have to be cautious what they click on. Us on iPhone tend to think we are safe. Cydia proved we were wrong.
In any security attack, you have to consider how quickly a virus or malware can spread in determining how much of a threat they really are to the platform.
When Word macro viruses first hit the scene, they spread like wildfire because they ran as soon as you opened the infected Word doc. And they infected the main template file for Word, and jumped to every Word document you opened. Businesses passed around millions of Word doc every day, so the threat level was extremely high; the viruses were everywhere in a very short period of time.
Virus and malware authors are like terrorists; they are looking for maximum impact. They don't want to work on a virus just to see it shut down after only a few dozen people get infected, because then they've played their hand and their security hole gets patched.
For an iOS user to be hit by a Cydia-style vulnerability, they would need to go to a particular website to get infected, or have a particular file passed around. Good luck trying to force a million people to engage in the exact same behavior.