Yes, IE users were too (that 284 must be a typo since it is off by 81.25). So were Opera users. And any other browser.

It is surprising – shocking, really – that security folks would suggest that somehow we are only "unsafe" or "at risk" when we have unpatched known vulnerabilities. The only logical thing to do in that case is to stop disclosing vulnerabilities ever, so we can ensure this number goes way down and we’ll no longer be unsafe.

What’s worse is that Krebs uses a number to illustrate the "risk". I may have to join Mike Rothman’s "metrics can be gamed" camp if this kind of thing keeps up.