If it were a fact, then you would be able to point to some clear and objective evidence of that right? (Keep in mind that because you are referring to 'security' as some kind of blanket term you'd be responsible for providing that kind of evidence for the majority of aspects of the term and of course how exactly you know that your set of aspects is the majority).
So number of security flaws doesn't matter, because the more bugs you have, the better it is.
Uptime doesn't matter, because you dont need to reboot after a privilege escalation.
Design choices doesn't matter, because .... (insert stupid reason here)
Which evidence do you want? The holy spirit telling you that BSD runs your infrastructure?
Not to mention it's not hard to find high-profile people in computer security who disagree on "well-known" concepts.
Security is not a concept.
It's a question of counting flaws and measuring uptime.