> It's just that expecting perfection security-wise from complex systems is a fools errand.
I think that may have been the OP's point. Bash is more complex than sh has to be hence because FreeBSD choose the simpler option they avoid the inherent security implications of complex systems.
Exactly, FreeBSD uses the simplest solution for the task, in the name of security. FreeBSD isn't "secure from Heartbleed because they don't use Bash" but rather, FreeBSD is "secure because by default only the most basic, necessary software is installed" which happened to be sh instead of bash.
