Good point. I would also like add to this that no matter what the defaults are, there will always be some users that don't like some of them for whatever the reason. No matter how hard you try, it's just not possible to please everyone all of the time.
And therein lies the crux of the matter.
ANOKNUSA brings up the subject of security in a default install. While I have talked about moving from a Solaris 10 Desktop/Server setup to FreeBSD 10.2, I suspect that what I run here (essentially, a pair of ISP servers) is not what the majority of new-to-FreeBSD users need to set up. For one thing, I have full Internet backbone feeds (no filtering, including the DDoS and script kiddie stuff) with static IP's.
My upstream feed is a small local ISP, whom I've helped set up a rural wireless deployment, so I do get some "special folks" treatment from them. One biggie on my systems is that I run a Mailman server.
My servers connect to the Internet backbone through Fortinet Fortigate firewalls with Fortiguard UTM to keep the script kiddies at bay. Not cheap, but they sure do a job.
Properly configured, a Fortigate 60 allows me to run FreeBSD "naked" without much fear of the script kiddies getting through. And let me assure you, running ISP services gets tons of hacking attempts---I spend as much time on security as I do on everything else.
As I said at the outset, installing Tcpwrappers with some security as a default gives at least some protection against the script kiddies. It's also simple for a novice to configure.
I'm not going to belabor the default install of
sendmail(8) to any great extent.
As a matter of fact, I have my own way of building the
.cf files, which means that my installation is already non-standard. Yes, learning to administer
sendmail(8) for a novice is probably more of an exercise than something like
postfix(1), but if FreeBSD installed with
postfix(1), I'd build
sendmail(8) and install it. Installing it as a default sends a clear message that "Hey, Toto, this isn't Linux." That along with not installing an X11 server and one of the popular (Linux) window managers by default.
Virtually all of the security notices I've seen have been for
ssh(1),
ssl(3),
bind(1), and ntp. What are you folks going to do, eliminate
ssh(1) and
ssl(3) from the default install because they get security notices? A lot of things depend on having those two.
Going back to
protocelt's comment, I don't think that any out-of-the-box O/S install is going to meet the exact need of any advanced UNIX user.