I don't know. I have pleny of customers on both Oracle (generally larger customers who already made the investment in Oracle) and Postgres (after moving them from MySQL if needed). There are risks associated with each database depending on how one sets it up. Alot of it comes down to whether the customer is willing to accept the risk or pay for the security.
I do know that Postgres is the backend for the parole telecomm app in my area, recently upgraded from Postgres 6.5 -> 7.1. Been running fine for 18 months (of course, they really don't want people to know because as they say "the stigma of using a non-commercial database". I'm constantly trying to get them to be a case study in proper DB setup and programming.
Oh well....