They appreciate technical correctness and they do not exaggerate. Most 'security researchers' are not technically correct and they exaggerate a lot (seeking fame and all).
Dismissing their claims is not being selective, it's just the right thing to do.
The fact that most security researches tend to bullshit to pump up their numbers doesn't mean that OpenBSD isn't selective.
The main claim from OpenBSD is "Only two remote holes in the default install since forever".
It is technically true. But it's also selective because they deliberately disable every service by default and don't install any software beyond core.
Once the OS is configured to be useful, we're far from the default install and they would (and have!) refuse to update their motto when confronted with RCEs in those parts.
Which is fair enough! You gotta draw the line somewhere. But that's still being very selective.
> they deliberately disable every service by default and don't install any software beyond core.
Do you prefer that or everything (or most/many services) being enabled by default? It's a good practice and, for me, very practical - I don't need to find everything I'm not using and disable it.
Nobody is saying that their minimal default install is itself problematic.
But trumpeting your default install's safety record doesn't actually say much when the default install doesn't actually do anything. As soon as you add a package or a port you're beyond "default install" territory and their vaunted security reputation's coverage.