Re: ROP Gadgets
For SFTP services, OpenBSD is in the top tier for security.
That's why I am happy with my current ISP, they run their entire platform on FreeBSD. It means I have web services, SFTP access and a usable command line via SSH with fewer security worries (unless, of course, I'm an idiot and choose simple passwords :) ). They also serve financial institutions, which means I have the added benefit of the security processes that that imposes on them as well (one of the reasons I chose them in the first place, it's an old trick).
This is why I like interoperability in general - a non-homogenous platform avoids the cascade effect you get when a new vulnerability exposes otherwise an entire platform.