Linux – the problem with using Fedora for servers


I have used Fedora for hosting servers a lot of times. I have never faced any problem. Still, all the new users come and say Fedora is not secure, and that we should use Ubuntu / CentOS or some other distribution but not Fedora. I never understand what the problem with Fedora is. What makes other distributions more secure?

A few points:

1. Fedora comes with iptables configured to allow only SSH. Plus we can always configure iptables to even block SSH if we want to. So there is no shortcoming on the firewall.

2. Fedora releases updates regularly (both security and general patches).

3. People say distro X releases a new version once in 5 years and Fedora once in 6 months. How does releasing once in 5 years make things secure? If you feel 5-year-old things are secure, install a five-year-old OS or don't upgrade for 5 years even if a new version comes. Personally I feel not giving a new version for 5 years does not add to security. You would have to release patches for 5 years as and when bugs get detected. So using a very old OS just means more patches. If we use a recently released version then we have to apply fewer updates / patches. How releasing once in 5 years makes things secure I have never understood.

4. All OSes use similar packages like GNOME, OpenOffice, KDE, OpenSSH, Apache. Do other distribution developers spend time reading the source code of these packages and correcting security errors, if any? Even if they do, won't they publish those flaws, so that all other distributions, including Fedora, would release patches for them? Or would they secure their own distributions and not bother to notify others? This is all assuming they do read all the millions of lines of code of packages as big as Apache, gcc, OpenOffice. If these things are the same in every distribution, what makes Fedora more vulnerable?

5. Fedora comes with SELinux preinstalled and nicely configured.

6. BIND runs in a chroot by default in Fedora. Now with Fedora 11, DNSSEC support is also present by default. See the question "DNS Server on Fedora 11", where someone pointed out Fedora is not good for hosting DNS. I do not know why.

In fact, one of the new admins installed CentOS 5.3 on one of the test machines. I used it to ping one IP which was not there. I got ping replies. I was astonished since it was not possible. I tried to find out the location from where the replies were coming but failed. In the end, after trying for more than an hour, I removed the network cable from the CentOS machine. I was still able to ping the IP. Then I tried to ping the IP address of the machine. I could ping that too. So I was able to ping two IPs (not others, I tried them too) when the machine was configured with one IP and no aliases (eth0:1, etc.) were present. I checked the ifconfig output too. I lost complete trust in so-called server distributions and installed Fedora 11 on all test machines. Now I do not face such strange problems for things as basic as ping.

I would really appreciate it if I could get real-life examples which indicate Fedora is insecure, and where things would have been fine had it been any other distribution. Do not give examples where the admin made mistakes. We can't blame a distribution for that. Also do not give very old Fedora 1, 2 or Fedora 3 examples. The Fedora project is very mature now, especially the last two versions, 10 and 11. If you have faced security issues which are particular to only them, please share your experiences.

Best Answer

There's nothing that dictates that Fedora is unsuited for use on servers, nor is there anything that dictates that "server distros" are the only choice for servers. It depends on your particular needs.

What you may gain from using the "server distros" is:

  • long term support
  • stable APIs (little to no version-upgrades of libraries and applications)
  • backported security fixes and bugfixes
  • paid support

My main "complaint" about the server distros is that software/libraries tend to be somewhat old, and the range of supported packages is much smaller than in community-driven efforts.

I.e. the long-term support and the non-changing APIs are something that commercial software vendors love; they won't have to rebuild their application for the newest libraries because the API suddenly changed. They can develop for Vendor Y Release X and know that this platform will be around for several years to come.
