No OS is 'immune' to security threats because formal correctness cannot yet be established for anything as complicated as an entire OS. A small experimental kernel was formally proven correct recently, however.
No mainstream OS even has a very high level of security.
I'm not pointing this at any particular person here, but gosh, our industry has a lot of clueless people who speak about topics they know nothing about.
The various reports on this problem are generally wrong on several levels. I won't go into them as I've already done that a few times and so have others.
What I will say is that methods to avoid source compromises like this are well understood and have been in use for as long as 20 years. You calculate hashes of the packages/archives (e.g., using md5), keep the hashes in a separate security domain and check them when you download. Package management systems usually automate the checking these days.
This problem occurred because the people producing the package/archive didn't follow well-known security procedures.
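
The check described in the comment above, as an added example that is not part of the original post: a downloaded archive is hashed and compared against a manifest held separately from the download location. It uses SHA-256 where the comment mentions md5 as one option; the file names, the manifest layout (sha256sum-style lines) and the sample contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into a dict."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        # A leading '*' marks binary mode in sha256sum output; it is not part of the name.
        entries[name.lstrip("*")] = digest.lower()
    return entries

def file_sha256(path, chunk_size=65536):
    """Hash the file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, manifest):
    """Return 'ok', 'mismatch', or 'unlisted' (no trusted hash, so treat as a failure)."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    return "ok" if hmac.compare_digest(file_sha256(path), expected) else "mismatch"

def demo():
    """Constructed sample: a clean archive, the same archive altered, an unlisted file."""
    original = b"constructed archive contents"
    # Assumption: in practice the manifest comes from the separate security domain,
    # not from the server that hosts the archive.
    manifest = parse_manifest(hashlib.sha256(original).hexdigest() + "  example-1.0.tar.gz\n")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-1.0.tar.gz")
        with open(path, "wb") as f:
            f.write(original)
        results = [verify_download(path, manifest)]
        with open(path, "ab") as f:
            f.write(b"altered after the hash was published")
        results.append(verify_download(path, manifest))
        results.append(verify_download(os.path.join(d, "other.tar.gz"), manifest))
    return results

if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the separation: a manifest stored beside the archive can be replaced along with it.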