I'm always interested in this but I will also be the first to admit that many people are much more knowledgeable than me when it comes to potential security flaws!
Surely if you run
sockstat
and ensure that only port 22 / sshd is listened on FreeBSD then it is pretty much just as secure as OpenBSD just with sshd running too?
It is not like an operating system can be made to listen on a port remotely just by firing packets into it.
Or are we talking about UDP / datagram stuff such as DHCP clients being vulnerable?
Most problems that I can see will be caused by "extra" software such as shoddy web browsers making random connections to anything and everything but even that is only able to gain an unprivileged user account and must escalate privileges from there to write outside a home folder.
Sloppy crap like Windows with its many pointless "user friendly" servers provides a large attack surface (such as the classic lsass worm exploiting some stupid service) but in general UNIX-like doesn't work like this; it doesn't have pointless services on by default.
The one thing I respect about OpenBSD is that they are not afraid of keeping "old" stuff. Rather than constantly jumping to the latest version like some sort of Facebook kid, once it has been audited, it takes an extremely large number of benefits to make them update. For example, their older version of Apache before they wrote an internal web server, and even their Fvwm window manager is old; and why not. Who cares if I cannot easily change mouse cursors using a png file in this version, it is known to work and it avoids Linux-like daily regressions.
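
The check described in the post above, written out as an added example (not part of the original post): it reads `sockstat -46l` output and reports every listener that is not sshd on TCP port 22, UDP sockets included. The sample lines and the function names `unexpected_listeners` and `sample_sockstat` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets other than sshd on TCP port 22.
# Input on stdin is the output of FreeBSD's `sockstat -46l`.
# Output: one line per unexpected listener: COMMAND PROTO LOCAL-ADDRESS SCOPE

unexpected_listeners() {
    awk '
        $1 == "USER" { next }            # skip the header row
        NF < 6       { next }            # skip anything that is not a socket row
        {
            cmd = $2; proto = $5; addr = $6
            n = split(addr, parts, ":")  # port is the text after the last colon
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # The only listener the post expects: sshd on TCP port 22.
            if (cmd == "sshd" && proto ~ /^tcp/ && port == "22") next
            # Loopback-only sockets are not reachable from the network,
            # but they are still worth listing.
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "network"
            printf "%s %s %s %s\n", cmd, proto, addr, scope
        }
    '
}

# Constructed sample of `sockstat -46l` output (not taken from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       823   3  tcp6   *:22                  *:*
root     sshd       823   4  tcp4   *:22                  *:*
root     syslogd    612   6  udp4   *:514                 *:*
root     ntpd       655   20 udp4   *:123                 *:*
root     sendmail   790   4  tcp4   127.0.0.1:25          *:*
EOF
}

# On a FreeBSD host: sockstat -46l | unexpected_listeners
sample_sockstat | unexpected_listeners
```

An empty result means sshd on port 22 is the only socket open for incoming traffic; any UDP line marked `network` is the datagram exposure the post asks about.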