The BSD part of OS X is quite robust; there are probably very few exploits if you stick to POSIX. The open source software they use in userland often takes a while to be updated, or they may stop updating it altogether if they don't like the licence (e.g. SMB when it changed to GPL3). Their own homespun libraries seem to be pretty poor.