Well, one of the lessons of the recent threads seems to be that there is a lot of disagreement over what constitutes a "misconfigured server". Some people consider a server misconfigured if it doesn't use a firewall to limit access to sshd, some people consider it misconfigured if sshd uses passwords instead of keys, some people consider the server misconfigured if it doesn't use SELinux, etc. Because there are mutually contradictory definitions of "misconfigured", if you find out that a server was broken into you can always come up with a reason, after the fact, why the server should be considered "misconfigured", depending on whose definition you use.
Well, first you need to select a security baseline and apply it to the server. (For example: http://benchmarks.cisecurity.org/tools2/linux/CIS_RHEL_5.0-5.1_Benchmark_v1....)
But there seems to be some consensus, at least, that exploits do get found which allow apache to run arbitrary code (even under its unprivileged account), and exploits do get found that elevate an unprivileged user to root privileges. So you could offer, for example, a bounty for anyone who finds a way to elevate the privilege of an unprivileged account. That's a lot less powerful than a complete exploit that can be used against any server on the Internet, but it's the kind of thing an attacker might use as part of a larger exploit. So would you feel safer using CentOS/Red Hat if Red Hat, for example, offered a prize to anyone who could find a privilege-escalation exploit like that? Knowing that it would reduce the chance of a black hat finding the exploit and using it as part of an attack?
Well, not really.
-- Eero