To some degree we should always be careful. Someone could send you an applescript app that could make life unpleasant. The problem with Microsoft (I don't know about NT/2000 Server running IIS, but I have experience with 95/98/Me and NT Workstation) is that they see securiry risks as a way of making money (if not directly for them selves, then via a third party). Take Windows 98 as an example. Having VBS Hosting installed by defauft is like leaving the key to your house under the doormat or the keys to your car above the visor. A majority of the problems that Windows users experience is from a function that they never use. Microsoft has been trying very hard to live up to their "innovation" claims, and with many of these new pointless features they seem to be adding some security risks.
Macs have been at risk for a long time, the landscape hasn't changed that much, and viruses can't move as easily in the non-Windows world because there are too many different systems. With Windows you had a 90% chance that a virus would be sent to another Windows systems, that is hard for most virus writers to pass on (and many just rewrite of old viruses now anyway).
But still, in the end, we should all be careful about files from strange sources.