Theo De Raadt is one security researcher and his views on virtualization being used for isolation / security are not held by all security professionals, for example the team that made Qubes would obviously disagree with him. My favorite thing to say to people who are rabidly against virtual isolation is that if correctness is the only way to be secure people should make a correct hypervisor because then the attacker wont be able to break out of it . Also OpenBSD is big on correctness via constant code audits by professionals, but a significant number of security experts will be quick to point out that OpenBSD has pretty shitty support for security via isolation, it is kind of controversial that they have no mandatory access control systems and its support for virtualization technology is shitty as well. Don't discount the real security advantages of virtualization being used for isolation based on the words of one person, even if he is a world leading security expert, because others of the same caliber disagree with his position.. Defense in depth is imo the best strategy and it is a shame that the openBSD team thinks they can ignore isolation in favor of code correctness, OpenBSD may have very few remote code executions and a history of high correctness but when you run OpenBSD you will be running other non-audited applications that have plenty of zero day vulnerabilities. It would be nice if you could isolate them with mandatory access control systems and virtual machines, but good luck doing that on OpenBSD.