Debian has had many discussions over the years about this, they all devolved into bikeshedding about dropping an MTA from the default install vs switching to postfix etc.
What do you think is the worst security vulnerability that email MTAs have to deal with? The MTA itself or the end user? The most secure smtpd will still deliver a nasty email.
Note also that someone has actually bothered to do an assessment and published results. Does your preferred MTA enjoy that sort of attention?
