I would guess no one knows. But all of my CentOS installs are OOB as concerning SELinux, except the two scalix installs, which have some custom 'stuff' thanks to the scalix instance naming.
All I know is at the last two companies I worked at - AT&T, a small team building software for the NOC, a smaller root CA, and here at the federal agency I'm at, we either turned it off, or have it set to permissive.
I disabled it on the last 1000 hosts *I* installed....
Hmmm... it would be interesting take some Centos systems with production like deployments (say 3 with SELinux and 3 without) and ask a professional pen-tester to try to get into them.
Anyone willing to contribute funds (or time) to such a study? It would be educational experience and good PR, at the least.