Just in case anyone doubted that the web is a dangerous place, this article discusses the very real possibility of getting a virus just by visiting a web site with scripting enabled. See, it happens to the ubergeeks among us too. ;-)
The safest way by far to browse the web is using Firefox with the NoScript plug-in installed. I keep scripting disabled by default and only enable it on sites I trust such as my bank, Amazon, etc. For those web sites which don't display properly without scripting enabled, I resort to browsing to them in a Virtual Machine under VMware Fusion. It's far easier to restore the single file containing my virtual machine than it is to have to either restore my entire machine or reinstall software.
Using OpenDNS is also highly recommended. It helps cut down on phishing by warning you when a link has directed you to a dangerous web site.
Those of us using Macs shouldn't feel too smug. With the Mac's popularity increasing so quickly, it's only a matter of time before the people who write malicious software start targeting Macs in earnest.