[charcircuit]

Bash aliases and PATH aren't protected so malware can change ssh to something else and steal your encryption password to decrypt your keys.

[munchlax]

Yeah but how does the malware get there?

It would be very powerful to get malware into ports and packages. It would also be noticed rather quickly. OpenBSD developers tend to run everything through dynamic tracers and other debugging tools.