I have to agree with jwz on monitoring for security patches. That should be the job of the system administrator(s). End users have more important things to do (as far as the company is concerned) than monitoring patches for their OS. If the system administrator doesn't know where to look for security advisories and patches, then maybe it's time to find a new system administrator. I am not a system administrator. I'm one of those geeks at the company that brings in money on contracts. I have enough things to do at work that I don't need the added burden of duplicating the work of my company's system administrators (no matter how bad they may be).
That being said, I also have to agree with Nicko Acks in that Linux distrobutions turn too many services on by default. Heaven forbid someone should take the better route and leave everything off to begin with (like OpenBSD) and then let the system admininstrator turn on only the services he needs.
Having many distros may be a plus, in some ways, but it's also a definite minus too, considering that the (potential) user needs to consider the pros and cons of each (or just run out and buy the newest version of Red Hat like most people these days :p). And significant energy is wasted duplicating efforts to keep patches up to date.