tptacek | last Friday at 1:13 PM | 3 replies

I came here to say the same thing; trying to make logs immutable on an attacker-controlled machine feels like a very 2000s-era OpenBSD thing to do.


Replies

accrual | last Friday at 2:28 PM

I enjoyed reading the article; I didn't realize I could have this layer of immutability on my OpenBSD systems so easily. But after reading the comments here, indeed the real solution is to export the logs to a central server in another security domain à la PCI requirements.

On the other hand it's great to have documentation like this. I feel there's a gradient between convenience and security and immutable local logs could provide a layer of defense without requiring another server for logging. Maybe a "nice to have" for a small homelab, security practice, etc.

i80and | last Friday at 8:08 PM

Without defending this endeavor, is the immutable bit all that different from macOS's SIP?

medguru | last Friday at 6:01 PM

OpenBSD isn't trying anything along those lines. The author is. Your statement comes off as an odd and disingenuous conflation. They are just file system attributes shared alike with Linux and a few other operating systems.