Sure. Read this when you're having trouble sleeping :-)
On Linux, if you have a file, it has "permissions", of which there are three classes per file: user, group, and everyone. You can say that a file belongs to "johnk", and to the group "web", and has read and write permissions for johnk and web, but only read permissions for the world. (This allows me and my group to work on it, but everyone can only look at it.) A file cannot belong to two groups; you cannot make write permissions available to a single user outside of the group. On NT, you have this fine level of control. (It's called access control lists.)
Also, on Linux, you have a login that allows you onto your machine. If you need access to several machines, you create a "domain", and add machines to it, and you can get access to all those machines. When a machine defers to the domain's authority, it loses its ability to have its own lists of users.
On NT, you also have domains, but participating in a domain doesn't deprive the machine of its own list of users. Also, NT has a lot of features to help you establish "trust" relationships between domains, so they may "share" users. NT also has security features that let you group access to the system by groups, while Linuxs' isn't so fine-grained.
The irony is, Linux often end up more secure than NT. I believe it's because NT security is not simple enough. (In fact, Linux isn't sufficiently simple, IMHO. The Mac has an even more primitive security model, and it seems to be more than adequate.)
Basically, most people don't like security, and turn it off.
When I want to secure something, I end up using two machines -- the "all access" unix machine, and the "schmoe luser" windows machine, and use the schmoe machine for everyday tasks. If I need to modify files protected from lusers, I have to log into the unix box and screw with the files. This idea often extends to enterprise security. Networks are physically separate, and you only trust the people on your LAN -- your coworkers. If you need access to another LAN, you need to walk there, or get someone on the other LAN to let you "tunnel" into their system.