I'm thinking he may have meant it differently than how we might take it. To a point, he's right. With the Iphone only criminals will be looking to infect you and take over your phone.
However with the Android being an open platform, anyone can go and look at things, and file bug reports whether they understand what they are looking for or not.
At the same time you have people like my pal Jon Oberhide, writing APPs that Google has had to pull. The Twighlight app that Google tested their kill feature on, the fake Angry Birds bonus levels, which installed 3 other fake programs. (Jon leads the local City Sec group ArbSec, how I met him, and is a security researcher, I've also heard that his shmoocon talk should be pretty good).
Some would argue that it's things like that, and Apple's app review before release model that keeps things safe.
I'm not saying his argument is good, I'm just saying that he may have meant it in a way we don't see it. I don't think he was talking to the people like us, but more to the lay-people who just want things that work.