I agree with SirDice that the security model is somewhat lacking once a user has decided to run something.
For instance, if you happen to be logged into OS X as the admin (don't do it, you DO NOT need to be an admin all the time. If you need admin rights the OS will prompt you for creds) then yes, anything dodgy that you run, so socially engineered malware for instance, will run with the user's rights, i.e. admin rights.

I work for a Computer Security company that produces software for OS X and the biggest issue for normal users is the attachments that they get in emails and stupid bits of software that they have downloaded from a website, or torrented/P2P for.
Users are far too trusting. Wow, naked images of Britney Spears, wkd. Right, double click on that, oh, needs admin rights, right, enter my username and password. Oooooo, no pictures, hmmmm, that's odd.
It's a lame example (although you would be surprised how many people *still* fall for it). But things like cracked codecs, or free software that will fix all your Mac woes.

So I guess what I'm trying to say is that the security model could be improved immeasurably, but the first hurdle that needs to be addressed is the thing between the keyboard and the chair. Decent security education is essential, but it's something that just isn't looked at well enough these days.