Something to really consider - though not for everyone. Steep - that's the best way to describe the ascent to the peak of the security in Operating Systems.
I went through the process myself and I'm still going ... But like any real mountain expedition, once you've reached the summit, you forget all the troubles going there.
OpenBSD is similar. My first trial was with 3.1, which installed basically rather simply. But it wouldn't do anything. Then, I was told that you need *to know* in order to get anything out of it. And now I enjoy the view off that summit. Being a system administrator now I can fully appreciate what OpenBSD does. In between I had to 'lock down' some Linux servers of the Debian, Mandriva and Redhat brand; do regular patching, and so forth.
With OpenBSD much of this is not needed. The only thingI have to do is *activate* (which is much easier than 'lock down') and apply patches. And there are fewer than for the other operating systems.
Meanwhile, OpenBSD is my favourite and the easiest to install (if you don't insist on GUI).
My only personal qualm with it: It is not exactly a desktop operating system, and worst: it always is actual for exactly one year, then you need to upgrade (which is usually smooth, but does take a few hours).
In short: For servers - especially when security is involved - there is nothing better than OpenBSD ! Honestly.