I was nodding at this article until I got to the part that said that OpenBSD should have used "Exim or Postfix and MaraDNS or NSD" to replace Sendmail and BIND, and then decided that the author didn't in fact know what he was talking about.

It is however a real critique of OpenBSD's security model that they haven't pursued enhanced access control (Niels had to bolt it on with Systrace because Theo doesn't agree with the concept).