You don't get it. They are both buggy. That is why you have to split hairs about vulnerabilities...
Are you aware that not all bugs are equivalent in damage potential? The very fact that you list local rooters on the same scale as remote rooters betrays a large amount of ignorance.
Plus read my other posting on this thread about sendmail
Sendmail doesn't have anything to do with Linux, except that some Linux distributions ship it. So rag on those distributions. Sendmail is a joke and people have known this for at least 20 years.
and apache
Anyone who runs apache as root has no idea what they are doing. You have to use at least two exploits to gain control of a system through Apache, as it is installed under a non-root uid in every distribution I know of.
But hey, don't let the facts get on the way of your prejudices.
Oh, I get it, you're one of those "fair and balanced" people for whom there is no right answer to anything. Any preference one way or the other is automatically considered to be prejudice or religion. Give me a break. Some designs are sane, and others are not. Microsoft started out with NT as the Not-Unix, and slowly is re-learning every lesson Unix had already had to deal with.