Some security analysts over at a firm called Coverity has announced that the Android kernel is riddled with security holes. Despite the issues the analysts claim with the kernel security, they still rank Android higher than most open source OS projects.
The company claims to have found flaws in the source code using some sort of automated analysis to the tune of 0.47 defects per 1000 lines of code. The total flaws found in the kernel code were 359. Apparently 88 of those flaws are rated as high-risk items.
Those high-risk flaws include memory corruption, memory leaks, and uninitialized variables. The company will withhold details of the flaws until the end of the year apparently. I would presume Google would patch any serious flaws in the security of the OS.