02-21-2009, 05:11 PM   #9
ragtag

Java applets and ActiveX controls are probably more of a security risk. Also, accepting certificates is a security risk most people are not aware of.

I did some work writing in-house tools for a company, using Java applets to get access to the local drive on a computer. Once the user accepted the certificate that popped up, the Java applet had the same access to the files on the computer as any other program running on it locally. This means it can actually delete, upload or mess with your files. This, of course, required the user to accept the certificate, but people in general will just click OK on anything that pops up, and not understand the security implications.

On Linux you would be a bit safer in the above example for two reasons. One is proper user rights. The applet would only be able to mess up files owned by the user and read files the user could read, so with correct permissions it couldn't mess up the whole system. Secondly, most exploits on the web are written to attack Windows machines. There are more of them and they are an easier target. So a hack that tries to modify your registry, for instance, will not work on Linux or OS X, as there is no registry to modify.

A computer connected to the web is always at some risk of being hacked no matter what, as most software has some bug or other that can be exploited by clever hackers. Though I believe that the weakest link in most computer software is the person sitting in front of the screen. I recently read an article about files that had leaked out through peer-to-peer networks. People running things like LimeWire who don't know what they are doing share out their entire drive, or even worse, the drive of their company's or government agency's computer.