It's not really the os that is vulnerable
it is the extra apps that have the holes in security.
[ your own example of sendmail shows this ]
the os doesn't include email server, webserver, ftp /ssh .vnc servers. That is the distros that include those.
one of the easiest means to secure yourself, go into the configuration of firefox or seamonkey and TURN OFF AUTOMATIC SOFTWARE INSTALLATION. if you want to install a particular addon, turn it on before clicking the install link. Don't allow a site to install an addon easily.
I find that postfix is more secure by default than sendmail [ not by much, but it is better ] and postifx can use the sendmail config files to ease the migration.
