It is good to keep in mind though that there are two things to consider. One is the correctness of the applications used. Poorly programmed software is going to have security vulnerabilities regardless of if it is running on Windows, Linux or BSD. Another thing to keep in mind though is that different operating systems have different security features for mitigating vulnerabilities. Running buggy software on OpenBSD is not going to be as big of a threat as running it on Windows XP, because OpenBSD has full ASLR which makes actually exploiting some vulnerabilities a lot harder. Qubes has really strong isolation which makes it a lot harder for an attacker who pwns an insecure application to then pwn the entire system. The differences between operating systems are even more important for really advanced users who know how to use the security features that the OS makes available. A noob using FreeBSD might not be way better off than a noob using Windows 8, but someone who has mastered the very feature rich Mandatory Access Controls of FreeBSD is likely to be better able to secure themselves than someone who has mastered Windows 8. So yes, insecure applications are insecure no matter which OS they are run on, but different operating systems have different features for mitigating the threats that insecure applications introduce.