Your theory only holds water if all hackers and virus writers all over the world are colluding and collectively have decided to wait for the jackpot.
In reality this doesn't work because
1) there will be a hell of a lot of "credit" for being the first
2) someone else may beat you to it
3) if someone else beats you to it, apple will patch it
4) apple may patch it anyway, without it being exploited
5) apple may never get anywhere near a MS market share
6) why wait on a money maker. 11% market share is still a lot of people, especially as 99% of them don't have antivirus. An effective virus could hit millions of mac users and catch them with their pants down.
7) as we know from MS ads, Mac users have more disposable income, as we buy ridiculously expensive computers, that's attractive in a "more $ per victim" / "less work for return" sort of way
8) etc etc etc
You make valid points on the whole time thing and waiting could result in someone else beating you to the punch, but I think this is where simple math and greed comes in. As you said, 11% of the market share is still quite a lot of people and you could catch them off guard.
My reasoning is based simply off of greed and also off of people that are probably doing this for PC's all ready and seeing that the results are pretty fruitful. On a PC, even if their virus is only 25% effective, that's still almost double the amount of return a hacker would get with Mac assuming it's 100% effective on the Mac. Obviously, no one will ever get a virus that infects absolutely everyone, so they establish a guestimate (yes, I said guestimate and I know how wrong that just sounds) and factor in effectiveness to profit and no matter how you slice it, PC currently is just way more profitable on all scales simply because of the vast amount of users.
Greed is a very powerful factor in everything. You can change the TV channel to anything on any given day and see people on gameshows for money and they've all ready won a million dollars, or half a million dollars, more money than they'd ever see in their life the way they currently live and they could take it all home if they just walk away. But, what do they do? They go for even more and typically end up losing everything. The gameshows know that greed will typically prevail. You think they just want to give out money? It's cause they get advertisement cash and they know that 9 out of 10 people will be greedy and lose. I would only imagine that someone smarter (referring to a hacker) would have the patience to know when to play his cards and when to back out.
You're right, that no matter how you look at it, it is profitable either way, but due to greed, it's simply not worth the effort to target such a small market. They might get away, but then Apple starts immediately focusing on security afterwards and they could have waited for a much bigger pot.
Granted, I made it sound like a mass attack would happen in the near future and that's my fault. We're probably a good 5-10 years before I think a first "major" attack is made on Mac, and I'd guess that it happens once Apple breaks at least 25% marketshare. I don't see Apple ever really challenging Microsoft on a marketshare battle for a lot of reasons, but I do see them becoming quite a bit more mainstream and a lot less niche over the next decade.
I'm just the type of consumer that looks at the big picture and doesn't take anything for granted. Despite the fact that I think it's a ways away from happening, doesn't mean I'm going to go on my daily life as if I know that for a fact not considering that it could also happen tomorrow. As someone who's had his identity and money stolen in the past, I'm not as naive as I use to be.
