"Cunning tricks at the compiler level help catch coding mistakes, but it needs a thorough code audit to actually find all the flaws, some of which will be serious enough that no amount of voodoo will stop you getting rooted."
Yes, I couldn't agree more. My point was rather that on source-based distros everyone's binaries will be different enough to stymie many classes of attack, due the variety of features and options enabled at compile time and disparate version numbers involved. On binary distros everyone's binaries are likely to be identical, so an exploit targetting a specific distro is likely to work on the majority of machines running that distro.
"Better get yer Mum to fit a lock to the basement window first ;)"
Next time I'm visiting I shall mention that to her, although I doubt it will affect the physical security of my many Gentoo servers which are all hundreds of miles away in secure hosting centres.