To date iOS devices have, if anything, been significantly less vulnerable to exploits than OS X for many reasons…
- Known vulnerable functionalities such as Java and Flash are not and have never been available for iOS,
- installing anything other than through the app store is only possible on devices that have been chain broken (which requires physical access to the device and immediately terminates any Apple support)
- "sandboxing" of all apps has been the only option for iOS since day one.
- "sandboxing" makes it very difficult, I would never say "impossible", for one app to spy on another
- NOTE: Cookie Stumbler has recently appeared in iOS but it requires user input and passwords to link it with Safari.
- High risk apps, such as those from financial institutions, often have their own at least semi-proprietary security measures. (I know of one that is encouraging its depositors to use their smartphone app rather than their web interface for security reasons. In fact some of their smartphone app technology has now been ported to their web app.)
I don't think it is unreasonable to assume that as the internet becomes a more and more hostile environment it is inevitable OS X will move closer and closer to the iOS model and features that have been "grandfathered" into OS X to support third party apps will become more and more restricted or even disappear altogether.