No, I think having a high quality secure design and a security audit by examining code is how software is considered secure. OpenBSD audits every line of code that it ships, and the last remote root exploit I could find was 2007. DJB's stuff (qmail, djbdns) are designed to be secure from the ground up, and I believe are considered to be secure. (Opinions vary about other aspects of his stuff, though.) "It's been a while since I heard of a virus on Mac OS" is how Mac OS is often considered secure, yet the list of remote exploits is rather large [2], compared to OpenBSD's (exploit-db.com doesn't even know of the 2007 one, but Mac OS has more remote exploits than OpenBSD has local explots [3]!)

[1] http://www.coresecurity.com/content/open-bsd-advisorie [2] http://www.exploit-db.com/remote/?p=osX [3] http://www.exploit-db.com/platform/?p=openbsd

Have you actually seen the OSX exploits listed? It's to do with .exe binaries or Internet Explorer that has nothing to do with OSX.