Various folks, such as this site: <a href="http://geodsoft.com/howto/harden/OpenBSD/kernel.htm" rel="nofollow">http://geodsoft.com/howto/harden/OpenBSD/kernel.htm</a> have suggested turning of loadable kernel modules to harden a kernel.<p>The two things that loadable modules provide (runtime configuration, and third party proprietary code support) are not that valuable. I've always turned off loadable modules when I've build custom BSD kernels for servers for exactly that reason. I get around the propietary code issue by making sure the server I configure has hardware for which non-proprietary and/or source available drivers exist. Which for servers is generally network and disk drivers so pretty easy.
Loadable kernel modules have long been known to be the source of potential security risks due to the fact that the kernel now has a way to intentionally load code into itself. A project like OpenBSD to me should never have included this feature in the first place, but I hear the mechanism that is being dropped is and old and obsolete version that nobody ever used.
Here's a link to the phoronix article on the change. There's a bit of discussion about it in the comments as well.<p><a href="http://www.phoronix.com/scan.php?page=news_item&px=MTgyNDI" rel="nofollow">http://www.phoronix.com/scan.php?page=news_item&px=MTgyNDI</a>