It is a high bar that makes OpenBSD in security-sensitive roles way more appealing than a distribution with a lower bar. That high bar paid for itself repeatedly when I ran OpenBSD in the late 90s and early 2000s.
That's true, but not for the ports collection. There's all sorts of software there with historically bad track records in security. That's the point...it's just ports of a bunch of popular software.