Linux servers often run standard LAMP: Linux, Apache (The Actual Webserver), MySQL, PHP. This setup is very common and very popular for web developers. You can add many common applications like content management systems (Droopal, Wordpress, etc.) very easily to this environment. This also tends to be a standard for the poor man and the open source community. Apache web server is vulnerable to the Slow HTTP DoS Attack. Beyond that most vulnerabilities are put into place by poor design and security of pages you make as Goatboy mentioned.
But when it came to my personal web server - I chose Linux.