David Litchfield has found an interesting new security vulnerability in Oracle databases and also done a comparison on whether Oracle or SQL Server is more secure.
Dangling Cursor Snarfing: A New Class of Attack in Oracle - http://securitywatch.eweek.com/cursor-snarfing.pdf
Which Database is More Secure? Oracle vs. Microsoft - http://www.databasesecurity.com/dbsec/comparison.pdf