PfSense is a must if you are running ESXi topologies.
SystemD hatred is pretty simple. A large amount of untested, potentially unsecure, unaudited code was placed at the core of Linux's userland, and forced on end users (enterprise IT shops) without any real testing or feedback by end users.
RedHat has bet the farm on SystemD... if/when it has security issues (it has network connections, so in theory, it can be remote rooted), it can cause a mass flight from RHEL and downstreams. The gain? Little to none, from the end user point of view.
I am keeping fingers crossed, and hoping someone forks the cash for an audit of the code... Oracle and Microsoft are waiting in the wings for mainstream Linux distros to fall on their face if something does break.
You do realize that most of the systemd addon daemons run
1. As a completely separate process
2. With the minimum permissions need to do their job.
3. The stuff with network connections are definitely optional..
I know they have some network things that they optimized for containers but they don't seem general purpose so I don't run any of them on the servers I'm testing systemd on. So far the only actual Systemd issue I've had is that it screws up pulse audio on one of my machines (works fine on the laptop screws up on my desktop).