While I was searching online for information about Linux security, the most typical explanation was: Linux is secure, because the root password is required to access the kernel and install new applications - therefore external malicious software can't do any harm as long as the administrator is the only person to know the password.
You're right in that it's not the password that makes a system safe, it's the tools and the culture (but let's not completely discount the password). The easier you make it for people to set up and administrate user groups, accounts, and privileges, the easier you make it for a system to be secure.
In earlier Windows versions (1), having a single user account with all privileges was the norm. No password, full administrator rights. This basically meant that Uncle Joe could do whatever he needed to do without worrying about things like elevated privileges. It also meant that any code managing to execute under his name would have free rein over the machine. It was up to individual programs, if they so chose, to implement fail-safes and 'Are you really, really sure?'-boxes.
By contrast, Unix/Linux have long been multi-user systems by design. They are built with the idea that there will be different roles with different security requirements:
Administrators maintain the system. They may need to upgrade the operating system, modify programs, add/remove groups and privileges... All this means they need pretty much unfettered access.
Users are everyday consumers of the system services, the Uncle Joe from above. They use software to write letters, read documents, surf the web, play games, and so on. They can install software to a degree, but only within their own sphere of influence; they can't modify system software or libraries.
Running services are often given their own user accounts as well, because they tend to have very limited, well-defined needs. MySQL will need some directories it can write to, a network port it can open, and so on, but it does not need access to Uncle Joe's documents or the ability to overwrite/modify software (even itself).
So even if a running service is compromised (an HTTP server, for instance), if it is itself not running under the highest privileges, it is limited in the amount of lasting damage it can do. This mindset of running under limited privileges is what makes it a more secure system.
OK, that sounds good. But when a password is the only thing that stands between restricted access and total control of the system, is the system really that secure? By that I mean all kinds of tricks hackers think of to access systems, and particularly to reveal data (passwords).
That's kind of like saying a vault isn't safe because people with the combination can get in.
But still, you make a fair point. Become root, get full access.
Any system where someone needs special access leaves room for that someone to be impersonated. That's why the number one rule for any password-protected system is not to leak the password.
There are mitigation strategies that you can use to limit the damage of a compromised root account, such as whitelisting only specific IP address ranges, changing passwords every once in a while, or disallowing some roles from elevating to root regardless of password.
It's not perfect. But it sure beats Uncle Joe's no-password administrator account.
(1) But don't Windows Vista and later also make this distinction? Even before Windows Vista, separate accounts with separate privileges were available but, in my experience, not commonly used.
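An added example, not part of the original answer: the classic Unix owner/group/other permission check, applied to the MySQL and Uncle Joe scenario from the answer to show what each account could modify if code ran under its name. The uids, gids, modes and file table are constructed for illustration, and ACLs, capabilities and security modules such as SELinux are ignored.

```python
# Added illustration: simplified Unix discretionary access control (DAC).
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triplet

@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gids: frozenset  # primary and supplementary group ids

@dataclass(frozen=True)
class Inode:
    path: str
    uid: int   # owning user
    gid: int   # owning group
    mode: int  # permission bits, e.g. 0o750

def allowed(acct: Account, node: Inode, want: int) -> bool:
    """Return True if acct may perform `want` (R, W or X) on node."""
    if acct.uid == 0:
        # root bypasses read/write checks; execute still needs some x bit set
        return want != X or bool(node.mode & 0o111)
    if acct.uid == node.uid:
        triplet = (node.mode >> 6) & 7   # owner bits only, even if group grants more
    elif node.gid in acct.gids:
        triplet = (node.mode >> 3) & 7   # group bits only
    else:
        triplet = node.mode & 7          # everyone else
    return bool(triplet & want)

def writable_paths(acct: Account, table) -> list:
    """Paths a process running as acct could modify if it were compromised."""
    return [n.path for n in table if allowed(acct, n, W)]

# Constructed sample data (hypothetical uids, gids and modes).
ROOT = Account("root", 0, frozenset({0}))
JOE = Account("joe", 1000, frozenset({1000}))
MYSQL = Account("mysql", 27, frozenset({27}))
FILES = [
    Inode("/usr/sbin/mysqld", 0, 0, 0o755),
    Inode("/var/lib/mysql", 27, 27, 0o750),
    Inode("/home/joe/letter.odt", 1000, 1000, 0o600),
    Inode("/etc/shadow", 0, 0, 0o640),
]

if __name__ == "__main__":
    for acct in (ROOT, JOE, MYSQL):
        print(f"{acct.name:6} can modify: {writable_paths(acct, FILES)}")
```

Run as a script, it prints one line per account; only root can modify every entry, while the service account is confined to its own data directory.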