Numbers Games

Jim Jagielski comments on a bump in this month’s Netcraft figures (the SecuritySpace survey gives radically different results, demonstrating the effects of different sampling).

One thing that he doesn’t mention is an artifact familiar to those who follow browser statistics: spoofing, in this case of the Server header. It’s clear that it happens: it’s an FAQ on more than one Apache mailing list, and lots of people are quite insistent about it. Mainstream and reputable Apache security books recommend it, and show as an example setting it to claim to be MS IIS. Some of the people on the lists are doing it for (perceived) security reasons. Having these recommendations out there ‘in the wild’ puts systematic downward pressure on the survey figures.

Because Apache is open source, it’s very easy to spoof the signature. And even for those who would be scared to change a light bulb, there’s the option of doing it with mod_security. Given that it’s both trivial to do and recommended by some, one could argue that it’s impressive that it holds up anything more than a niche market share in these statistics.

Of course, that doesn’t apply to closed source servers like IIS. Does it apply to other open source servers? I don’t know, but I expect they may benefit from the evangelism that comes from being part of a minority community. Apache and IIS may be the only servers whose numbers are so high as to be totally dominated by non-core-community users.
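For readers who want to see what the signature change two paragraphs up actually looks like, here is an added configuration example (not from the original post, and not a recommendation of any particular value). It contrasts the conservative core-Apache setting, which only trims version detail, with the mod_security route that rewrites the header outright. The module name `security2_module` assumes mod_security 2.x is loaded, and the header value is a constructed placeholder.

```apache
# Added example, not part of the original post: two ways Apache's
# announced identity can be changed, chosen by whether mod_security is loaded.

# Option 1 (core Apache only): keep the product name but drop the version
# and module list. This reduces disclosure without claiming to be another
# product, so survey counts still see "Apache".
<IfModule !security2_module>
    ServerTokens Prod
</IfModule>

# Option 2 (mod_security 2.x): replace the Server header string entirely.
# The mod_security documentation requires ServerTokens Full here, since the
# module overwrites the full string Apache would otherwise emit.
# "ExampleServer/1.0" is a constructed placeholder value.
<IfModule security2_module>
    ServerTokens Full
    SecServerSignature "ExampleServer/1.0"
</IfModule>

# Either way, stop Apache appending its signature line to server-generated
# pages such as error pages and directory listings.
ServerSignature Off
```

After a restart, `curl -sI http://localhost/ | grep -i '^Server:'` shows which branch took effect. Worth noting for anyone doing this for security reasons: only the header text changes; error-page layout, header ordering and module behaviour still identify the server to anyone looking harder than a passive survey does, which is exactly why the effect shows up in Netcraft-style header counts and nowhere else.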


Posted on February 9, 2007, in apache.

