- It's possible that the number of vulnerabilities decreased simply because the guys looking for vulnerabilities (either white, grey or black hat) don't focus on the operating system that much anymore. Online applications have come to replace a lot of our previous applications.
- It's possible that the numbers don't reflect the actual numbers of vulnerabilities, because found vulnerabilities are sold to the underground of black hats, and not published in the open.
I am quite skeptical about the interpretation of whatever statistics of vulnerabilities. Except if the numbers were zero or infinite, I don't think we can get something productive out of it.