You must be alluding to this story's title. It actually mentions two distinct properties of Owl, our focus on security (more on it below) and our inclusion of a complete build environment and full source code (even on our live+installable CDs, which also include all of the binary packages - yes, it is possible to rebuild from source even while CD-booted should you want to for some weird reason - we sometimes use this as a stress test).
We have a policy to audit certain security-critical portions of code in software that we're about to include into Owl, and we fix whatever issues we find. (We also submit our patches upstream and share them with other distros. You're likely currently running software with our fixes even if you have never heard of our project - e.g., do you use xinetd or OpenSSH?) And we make sure the programs will normally not be run with excessive privileges; quite often, this involves minor re-design of the program to introduce privilege reduction (e.g., syslogd, klogd, crontab/crond, Nmap) or privilege separation (e.g., telnetd).
As to third-party software that one might install on top of Owl, we include some security hardening measures that will mitigate the impact of many security bugs. This includes pam_mktemp, which will create per-user $TMPDIR on login (or on cron job startup, for that matter), and "transparent" modifications to many system libraries (starting with glibc). More importantly, the Owl userland separates Unix (pseudo-)users to a greater extent than many other Linux distros do. We got rid of almost all SUID programs, which would pose a risk of "local" attacks (only "ping" remains for now, and you can "control ping restricted" to limit its use to root). If you run the additional programs under separate accounts (e.g., a user runs an IRC client, or you run an IRC server under a dedicated pseudo-user account), then your risk of having a possible compromise propagate to other accounts is lower than it would be with typical Linux distros.
Finally, there are OpenVZ containers for even greater separation. A real-world example: several instances of DokuWiki "live" in the same container (separate Apache virtual hosts and Unix accounts). This container has Apache, PHP, DokuWiki on top of the Owl userland. Another website, not requiring PHP, is placed into another container on the same server. No PHP, no DokuWiki in that container, thus lower risk from those. For a "mail server", a third container may be created, maybe with no added programs (Postfix, popa3d, procmail, Mutt, mailx are a part of Owl) or maybe with some mail-specific ones.
Now what's that, a serious write-up in response to a sarcastic comment? Whatever.