
Now I wish Adobe would do the same thing.


They very much are, and have been, for a while.


Remember this? http://www.gizmodo.com.au/2012/05/adobes-photoshop-security-...

They left Photo CS 5.5 users twisting in the wind, recommending customers pay to upgrade their one-year-old software to CS 6.

I don't know if it was the external pressure or a slow in-house process, but it took them a month to release a fix for CS 5.5 users: http://www.adobe.com/support/security/bulletins/apsb12-11.ht...


If you wanted to put Microsoft under a microscope from 2003-2010, during the time where they were actually putting in the work to transition from a 1990s software security practice to a 201x security practice, you'd find plenty of "smoking guns" to win arguments with on message boards.


So you're implying what we're witnessing at the moment is Adobe improving as steadily and quickly as it can?

Why do I find that hard to believe? Oh right, because I've launched and used Adobe software in my life.


TL;DR: you probably won't notice unless you are looking for bugs in their products, and trying to write exploits.

You will certainly not notice any improvement in their "creative" apps.

But these do not really form a part of most people's "internet attack surface". The priorities are Reader and Flash. Perhaps AIR.

Adobe Reader X is a lot more secure than Reader 9 was. The bugs are still there - many Reader 9 bugs affect X. However, exploitation is much harder, and I haven't seen anyone get reliable code execution in X yet.

They are supposed to be working hard on Flash too, although I haven't looked at that recently. I remain unconvinced that Flash is actually fixable, but perhaps they could win with strong enough sandboxing and exploit mitigation...


This is exactly what Slashdot commenters said about Microsoft software in 2007.


That doesn't apply until they start actually releasing out-of-band updates for very, very nasty Flash/Reader vulnerabilities.


[citation desired]


A good person to follow here is Brad Arkin.



