Jernej:

AFAIK there was only one provable and admitted case of an exploit of OpenBSD's
public-facing systems, and that was of an ftp server that happened to be
hosting OpenBSD tarballs.  And while FAQ 8.18 says that the project's publicly
available servers at openbsd.org do not run OpenBSD, a compromise of an
openbsd.org platform is really not the issue, though it highlights it.

When you install this OS, it is "secure by default."  Wonderful.  Making any
configuration changes or adding any software might compromise that security. 
This means that security of the software configuration and the hardware
platform are the administrator's responsibility -- mistakes could be made.  In
addition, OpenBSD systems may be compromised (and probably are) for other
reasons than administrator error.  Compromise is always possible through human
behavior -- such as the inadvertent disclosure of passwords or keys, through
"social engineering" scam attacks, etc.

FYI: Since the inception of OpenBSD, there have been exactly two known remote
exploits found in the OS.  That's a pretty decent network-based security
record for a general purpose OS.  
