[cantankerous]

What if there is a hack/mistake/bug in the appstore ?

The de Cartes-style demon argument is generally a weak fallback. The end game of this argument is that you can't trust anything because you can't fully trust anything.

The reality of the situation is that the app store is most definitely more secure than Windows's distribution model because it normalizes the vehicle for software delivery. Security is scrutinized and narrowed down to one place. Users become less trusting of software coming from 3rd party sources (detrimental in some cases, to a more free and open platform), but added security is definitely gained as part of the tradeoff here.

[excuse-me]

Yes the app store limits improves security - compared to randomly clicked email attachments in windows.

But as the recent flame worm, signed by a microsoft trusted certificate (http://isc.sans.edu/diary.html?storyid=13366) shows central security systems aren't automatically foolproof - and if you are prevented from having any sort of local control or anti-virus by that same central security system, you can be up a certain creek with a certain paddle

[cantankerous]

shows central security systems aren't automatically foolproof

That was never contested by anybody. What the flame worm showed was that there needs to be stronger security around private key portions of signing certificates.

any sort of local control or anti-virus by that same central security system

Funny how that works. Anti-viral software is a central security system that uses similar distribution and signing techniques as the app store! Not to mention, anti-viral software doesn't protect you from zero-day exploits, unpatched software, and brand new malware that tends to be the thing that causes the most problem. Not to mention metamorphic and polymorphic malware, which is getting more and more common and runs circles around modern AV software.