As a side note, I must add this: All OSes are basically the same in security when it comes down to it, as true security relies on the admin. Windows can be as secure as OBSD, and OBSD as insecure as default windows. It all matters to how much the admin knows and is willing to configure for security. My point above was to state default security and security that can not be simply configured. OBSD has that default security and built in security. What I mean by built in security is exploits:

An OS exploit is very rarely able to be halted through normal security means. You either have to wait for a patchor fix the code yourself, as it is something wrong internally with the Os, and not fixable by a simple configuration (for the majority of exploits)

Liken it to building a prison. You build it using hard, solid rock and brick, allowing no windows or doors. You have configured it for security 100%. An exploit would be learning that the kind of rock you used is vunerable to salt, and thus there isn't a damn thing you can do about it until someone developes a fix for that. OBSD, in short, has far less of those build in exploits due to the continual code audit, and thus my reasoning behind recommending it.