OpenBSD is free if you want to do a net-installation. SuSE and RedHat I know off the top of my head do those too. It's quite easy. If you haven't found the page (it's kinda buried), yeah they don't offer ISOs at all.
Net and FreeBSD both have freely available ISOs.
The idea behind Open was that it was a fracture group of NetBSD that wanted to get more involved in security, hence their rigid release schedule coupled with a front to back security audit every release. The idea behind Net was to add to the portability of FreeBSD. Right now I think NetBSD will run on anything from a Tamagotchi to a toaster. Their platforms supported page is kind of nuts.
FreeBSD is easily the most supported, quickest to bugfix, largest group of the three, and probably the easiest to get help with. All of them will support Linux binaries, but not ipchains necessarily. To address your concerns numerically:
1. Hell yeah, you might also want to try LFS, track down a copy of x86 Solaris (cheaper than buying a SPARC), and BeOS, QNX, UnixWare.
2. Very few of those instabilities have anything to do with the Linux kernel, but are really problems with the most popular different programs and daemons that are default shipped with the distros. Wu-FTPd, the raging river of suck in the world of security updates, was a good example. Even the kings of sticking their head in the ground, RedHat, finally stopped shipping that monster with 7.2.
50% of these vulnerabilities apply to the BSDs too. They usually use the same stuff: same holes in BIND, same Sendmails, same SSH, etc.