I have minimal experience of FreeBSD vs OpenBSD - I have used FreeBSD now for 5 months in a multi-user environment hosting apache/mysql/php/ssh/ftp - albeit only 15 or so friends.
The only issue I found was with users being able to issue denial of service attacks by executing code that forks repeatedly, perpetually opening new processes and hence eating resources until a cold reboot is required. Howerver - in defense of freebsd on this matter I'd say that the machine we ran the code snippets on was only a p166 with 32mb or ram and 100mb swap space, hardly what you'd use on a production server!
After this we looked at ways in which the resources of the server could be restricted on a per-user basis and set up login classes for different 'types' of user (essentially one class for 'wheel'/effective uid 0 users and one class for all others). By creating login capabilities for each class/type of user, you can restrict various things such as mem usage, max cputime, max concurrent logins etc etc (there are about 30-50 caps in all you can set). Once these caps were in place, the effects of such malicious code execution could be curbed quite easily.
In working through 'man login.conf(5)' on freebsd, I decided to compare login capabilites on freebsd with those on openbsd. I found that the login caps on openbsd were a lot more restrictive by default than on freebsd, and in general the extent to which you can customize the login capabilities on openbsd is less than on freebsd. Hence on this alone (there are a myriad of other issues obviously), freebsd would make a better platform for performing logins (ie via ssh) whereas openbsd might make a better routing/border machine where you don't expect users to login regularly.
In terms of local security exploits, the general concensus seems to be that if you keep your source up to date on FreeBSD then it's a fine platform to host on in terms of security, the only two significant problems in the last month being a ssh potential local exploit and a zlib problem on the freebsd platform.
For much more info, check out the other threads on this forum - there are some brilliant snippets of info on exactly this subject, you just need to read through and find em.
One relevant link:
- the differences between the BSDs