1. That's bollocks. Obvious bullshit. All software doesn't have the same security track record. Do you also think sendmail and seL4 have an equally poor security track record?

2. Even if everything did have an equally poor security track record, why would that mean security bugs are no more significant than any other bug?

Honestly I'm dubious you've thought about this at all.

Well, except OpenBSD. They’ve only had two vulns in forever.