Let me spell it out for you. Even before this latest fiasco, no one who cares about security was letting IRC clients or servers run on their systems. It's always been too easy to abuse.
In this particular case, the group behind UnrealIRCd were just dumb about tracking their own program. Clearly, they never bothered to check their own code. The users, by virtue of the fact that they were running IRC in the first place, don't get any prizes for being bright either. After all, they were running IRC: Case closed.
If you really must run an IRC server, might I suggest you use Bahamut or IRCD-Hybrid. You'll still run into security problems, but, from what I'm told by my IRC using friends, they have the most helpful technical support communities.
In any case, the real problem here isn't with Linux. It's a problem that can, and has, popped up in any operating system. If you install a hacked application, I don't care if you otherwise have the most secure system on Earth, you've just opened it up for attack.
Now Linux isn't the most secure system in the world by default. That honor probably goes to OpenBSD. But, unlike Windows, which is insecure by design, Linux's designers are far more successful at making it secure. But, if you don't believe me, perhaps you'll believe Dell about Linux's security. Dell may be far better known for its Windows PCs than for its Linux line, but even they admit, "Ubuntu is safer than Microsoft Windows."
One final word though. Any system can be hacked. As the saying goes, "security is not a product, it's a process." Windows, Linux, OpenBSD, whatever, if you don't work on keeping your PC or server safe, it will eventually be successfully attacked. But this, this example, is really a case of bad security mistakes piling on top of each other and not an indictment of Linux.