[ch0ic3]

For sure! An argument in OpenBSD circles is that contrary to popular belief one can have security through depth. This means that even though you'll never be 100% secure you can definitely make an attacker's job harder and their life more miserable. Of course, if the NSA wants to attack you then they'll probably succeed, but for your average script kiddy / botnet scanner / worm exploiting some vulnerability having multiple layers might be enough of a deterrent.

I'm not a security person but I also think a lot of malware damage comes from companies / users using misconfigured or outdated software. As such, if you were a sysadmin, knew what you were doing and had the time, then running GNU/Linux is probably fine, but I'm not super knowledgeable. I just want to host a website or run a tor-relay on a VPS and not have to worry about updating my system as soon as some 0-day is announced in glibc or systemd; even if it's in the service itself, my hope is that by using a non-mainstream OS the exploit might not initially target it, hence giving sufficient time to see the news somewhere and patch / update.