ASLR offers protection from vulnerabilities that have not been fixed and even not been published yet
I agree that full ASLR deployment would be better but the real advantage of ASLR comes into play when one has insecure code. Tilo Muller states in "ASLR Smack & Laugh Reference",
"ASLR is not a replacement for insecure code, but it can offer protection from vulnerabilities that have not been fixed and even not been published yet."
By insecure code one obviously means not just a piece of code but the entire design of the system. There are fundamental differences between the way Windows systems are built using heavily interlinked parts vs the OSX system. Hence code vulnerabilities lead to fewer exploits. OSX still has issues but they are not as systemic as on the WinX systems where you do want to randomize since there are already so many entry points.
Also, on 32 bit address architectures, address space randomizations are fairly ineffective.
from the paper "On the effectiveness of address-space randomization"
"The resulting exploit is as effective as the original exploit, although it takes a little longer to compromise a target machine: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack."
Essentially, there aren't enough bits to do an effective and thorough randomization on 32-bit machines.
I think 64-bit systems are up next ...