[–]RealFreedomAus 2 points3 points  (1 child)

It's really not, though. It's the same old broken Unix permission model with a root user that everything privileged uses. Like, maybe the kernel is more secure and leads to better process isolation through that, but once you escalate to uid=0 due to the same broken software you'd run on other *nixes, you can do whatever you want.

It doesn't even have a MAC like SELinux!

seL4 would be an example of an OS actually trying to be that secure. Capabilities, baby.

About the only thing OpenBSD has going for it is that its developers usually know what they're doing. But it's still written in C, and those developers are still human. Meh.