The main advantage is in terms of manageability - anytime someone on
your SharePoint sites wants to change a SharePoint group, they can do
so without involving your AD administrators (assuming proper
permissions, of course). SharePoint groups  are also the default mode
of management for sites, since it makes doing batch changes on
permission levels much easier on a site-by-site basis.

Sharepoint groups  can be created and edited by administrators in
SharePoint who are NOT Domain Admins. That allows security
administration to be delegated to powerusers. That is the main
advantage.

Of course, Active Directory was designed so that security administration
can be delegated as well (using OUs). So MOSS groups  don't have really
have an advantage that way - it's just a different way to go about it.

Keeping all of your security in a central location reduces maintenance
costs as you scale out, so using strictly AD for your MOSS security may
be a good design. But don't try and mix MOSS and AD groups - use one or
the other. If you want to delegate security administration but can't use
only AD delegation, then use MOSS groups and train your MOSS
administrators to maintain it using ONLY MOSS groups and users - NEVER
AD groups.

I disagree on two counts.

1) Although you can restrict access in the AD to specific OUs, you
have to give the administrator some AD access to those OUs. Using
SharePoint groups  the administrator doesn't need anything other than the
normal ReadOnly access to AD that every user already has. That way you
can't accidentally give someone too much access in AD.

2) Also AD access, even restricted OU access applies to more than
just SharePoint. A Sharepoint Farm administrator can delegate security
in SharePoint without needing to be a Domain Admin. If you administer
SharePoint by limiting access to OUs somebody needs access to all of
them to administer the limitations. If I keep administration in
SharePoint the Farm Admin doesn't need Full AD access

Having said all that, I agree you should keep your groups in one place
and if the SharePoint admins are Network Admins then keep them in AD.
But the strength of SharePoint groups is that you can delegate authority
without having to involve the AD admins at any level. So I still think
SharePoint groups have an advantage in that specific scenario.

If your AD admins have already delegated administration using OUs, then
you still don't need to involve them. You already have control over the
users and group accounts that you need.

I believe that SharePoint resources are just like any other corporate
resource and should be secured just like any other server, file share,
or printer.

Agreed. The point is that in a lot of companies AD admins haven't
already delegated administration. In fact in a lot of companies AD
admins won't delegate control of OUs. When that's the case SharePoint
groups should be used.

This is one of those areas where sharepoint  empowering the user is met
with enthusiasm from management and with resistance from I.T.

For sites that will be targeted to a relatively stable audience, we
manage security in A.D.

Authority over ad-hoc collaboration groups  are passed down to a group
administrator so that we don't have to be bothered with frequent
changes.

We enjoy a middle ground where we have actually built a tool to empower
selected users to make very limited changes to specific A.D. Universal
Groups.

Most large companies have to mix SharePoint Server 2007 and AD Groups,
fwiw. It works fine as long as the AD Group being embedded in the SP
group is a Universal group. Basically, you should use Universal groups
for the majority of SharePoint stuff - permissions and audiences being
the two I know about.