I honestly don't know, Daemonfowl. I perceive knf(9) and the audit program as ways to manage both problem/error sets, beyond their union. But these alone do nothing for third party applications (ports/packages), and in many cases, that's what we depend upon.
We rely on security technologies developed by and included with OpenBSD to help protect us from bugs in the OS or in third party applications, and those may have security implications. Example technologies that come to mind: ProPolice, W^X, strlcopy, malloc randomness. There are more. Most of these will function without modifications to third party software. Some, like strlcopy and its sister function strlcat, require active implementation in the source code, either by the port maintainer or conducted in upstream development by the 3rd party.
Some of these technologies will stop a flawed application from functioning, reducing the application's reliability but increasing the security and reliability of the overall system. This would be in a problem space where, from the flawed application user's perspective, the sets do not have a union.
---
I have no experience as a user of OS X (other than casually using someone else's workstation for short periods) and therefore do not know anything about either its reliability or its security. I know that it has closed source components, and, like any closed source program, reliability can be subjective, and perhaps anecdotal.
I can't talk to Andrew T.'s public pronouncements, since I haven't read them.