The intent of my second post was not to start an OS jihad.
About Linux kernels not being QA-ed revolves around the stuff at www.kernel.org (and mirrors). Certainly the major distributions put in a certain amount of effort in QA-ing their releases, but there are only varying degrees of out-of-the-box security in Linux distros and nothing that anyone should ever expect to be sufficient for a production server live on the 'net. This is meant to scare anyone away from Linux, but it's simply a wakeup call/caveat emptor.
I wouldn't be surprised if OpenBSD is more secure than a fresh install of whatever Linux distribution, but there's a certain amount of security aptitude necessary to bring both boxes up to production level security in both cases. OpenBSD gives the sysadmin a head-start, but a competent UNIX sysadmin should/must be able to get a Linux/Solaris/IRIX/whatever box up to the same level; you just start at different places on that path depending upon your choice of OS poison.
