OpenBSD people, IMHO, do loudly claim to be very security-focused, and doing a better job of it than everybody else, here is how - but code audits (both automated and by humans) are time-consuming, and only go so far. Equivalent functionality is relatively easy to implement on FreeBSD, but real security means learning how to load a copy of the Stuxnet binary into devel/gdb, figuring out what the 900-KB binary is even trying to do, and connecting a few dots...
Well, the OpenBSD people are quite fanatic when it comes to security. Security is their main priority, so don't expect OpenBSD to take the performance crown anywhere. For most tasks it is performing ok, but will most likely always be outperformed by FreeBSD or Linux.
Security means for them, amongst other things, this:
* the default system comes with everything turned off. Want to have SSH access? You have to enable it... and so on and on.
* quite often rebuilding the wheel from scratch with various success because the standard implementation of a well-established protocol didn't fit into their philosophy, either license-wise or for other reasons. Examples of that are: OpenNTPD, OpenSMTPD, OpenSSH, OpenBGPD, Pf, CARP. Also the LibreSSL fork. OpenSSH is clearly the most popular of these, though.
* if something threatens security they will cut corners without compromise. When it for example became obvious that hyperthreading is a hardware security issue, their response was to turn it off by default. Or dropping loadable kernel module support entirely back in 2014.
* when informed about exploits they've got some of the best in industry response times ever in terms of fixing it, communication to the world and pushing it out.
* as a result their kernel code base is also much, much smaller compared to other OSes. OpenBSD kernel is around 3 million LOC, FreeBSD more around 10.
So due to that when you're new to OpenBSD you've got to rethink some of your practices.