Worm authors, script kiddies, and so forth are often lazy in many ways, and look to maximize their return on investment. So they tend to focus their efforts on the easiest and most common targets. These are not always the same (IIS has proven to be pretty easy, but it's definitely not the most common).
However, picking uncommon software and hardware can drastically reduce your risk of being attacked. Just being rare per se does not mean that you are more resistant to attack, just that you don't get attacked as often.