Yes and no. OpenBSD always had far fewer exploitable bugs than Windows, so it presents a smaller attack surface. And far fewer people bothered to develop exploits. Windows has always been the big juicy target, with exploits easily available.

But on the other hand, it only takes one.

I'd challenge that. Given that there are serious security architecture differences between Windows XP and OpenBSD systems.

For starters, Windows XP has always optimized for "plug random hardware in and it Just Works" while OpenBSD aims more at "what is the minimal number of services we can have running in the base image."

Sure, OpenSSL vulnerabilities found in the intervening time will still affect both, but we're still talking orders of magnitude difference in RCE vulnerabilities.