"by definition"? That's wrong, sadly. Norton et al. will gladly sell you "internet security" suites for the Mac without there being a need for it. Not because they truly fear that you're at risk, but to live off of Windows' halo effect. Most computer users nowadays "know" that you "can't" run a computer securely without having given some software dealer at least 20 bucks for security software.
They'll go even further and cry "wolf!" whenever there's an (already fixed?) security gap in Apple's software with a proof-of-concept (i.e. not in the wild) virus/worm/whatever. Then, for three or four days, you'll see lots of happy PC journalists crying "Panic! Macs are unsafe, too!!!" until finally it becomes clear that there's no real danger because
a) there was no virus or worm or spyware in the wild in the first place
b) it couldn't have spread like Melissa did through Outlook etc.
c) the bug was quickly fixed by Apple.
About this "is it or is it not spyware" thing: It would only be honest of software makers to _tell_ you that the app is going to send personal information "home". Apple, for example, very clearly states that the registration information for Mac OS X will be sent to Apple, whereas many a little app simply starts "going wild" with outgoing connections that might make me feel quite uncomfortable. So if I download, say, a Tic Tac Toe clone and it tries to connect to the 'net without giving the user any internet functionality, I find this rather disturbing. It's not as if those connections would be "see-through", you know. So I like Little Snitch very much. This way, I can tell apps: "No, you *don't* need to connect to the internet." Satisfying.