9x was not secure. User credentials were only used to load a user profile, but there was no functionality to deny access to anything, and you did not need to log on with credentials.

NT and 2000 forward have been secure®, with actual permissions (file/folder, registry, services, etc) applied to user accounts.

Much of the crying about windows not being secure stems from people using admin-level accounts to do day-to-day things, and then getting tricked into clicking things they shouldn’t. Microsoft kind of mitigated this with UAC prompts, but the everyday user is “annoyed” by those, so people figure out how to turn UAC off, or just blindly click through the warnings. Hell, remember when the first UAC prompts out of Vista were “so annoying” that Microsoft had to scale back their frequency, because people didn’t like it?

This particular security situation is not any of the above. It stems from an actual code exploit. Which, by my reading, has been fixed?

Anyway - a vast majority of the “Windows is not secure” is a direct result of users running as root. Which you can do on any operating system.