[munchlax]

I doubt you could keylog my openbsd server that I remote into over ssh or serial.

I also doubt you can take pictures of me when it doesn't have cameras attached. If it did and you were to take pictures, you'd see some blinking leds and cables all day.

And I highly doubt you could take remote control even if I had openssh open to the public.

Perhaps your industry just doesn't care about the same things the openbsd community does.

Edit: I missed the ssh key stealing. My keys are always encrypted.

[charcircuit]

Bash aliases and PATH aren't protected so malware can change ssh to something else and steal your encryption password to decrypt your keys.

[munchlax]

Yeah but how does the malware get there?

It would be very powerful to get malware into ports and packages. It would also be noticed rather quickly. OpenBSD developers tend to run everything through dynamic tracers and other debugging tools.