The Mac OS X Security Challenge by the University of Wisconsin is a much more realistic variant of the rather dubious "30-minute hack" that is currently haunting the press and blogs. Because on the box hacked in 30 minutes, the attackers had a user account - it was therefore a simple privilege escalation, not a remote hack. The latter is quite different to set up, as you first have to get access to the machine.
Nevertheless, Apple should of course also take privilege escalations seriously - because, for example, on publicly accessible computers there are already some attack scenarios that are quite problematic - especially with alleged security features. For example, the encrypted home directory becomes a farce if multiple users can be logged in at the same time on the computer - the home directory is opened and mounted when the first user logs in, the second user can then simply look in. Apple should already improve at such points, of course also at the points where an unprivileged user can get root rights - because these are attack vectors for viruses and Trojans.
Hey, I don't feel like having similar nonsense like under Windows in the long run, so make sure you close the holes at Apple!