There are more critical issues (meaning issues that allow an attacker to take over the entire machine) open in FF than there are in IE at this time, and they take longer to fix on average...

There's 2 reasons there are less exploits for them:
1) those exploits are often written by Microsoft haters (a.k.a. slashdotkiddos) who don't want to sully the name of their own brainchild
2) the rest is written by people that do it for money and those won't target a browser that has such a small market share, it's simply not economically viable.

And that's for browser-specific exploits. Most exploits aren't and will affect the target computer whether IE or FF is in use.

If and when FF gains a large share of the market the slashdotkiddos will get bored of the limited impact of their crimes and start attacking FF anyway, while at the same time the commercial writers will start seeing profit in targeting FF.
At that point all hell will break loose.