SmartOS is a fork of OpenSolaris right? Solaris used to have its share of public vulnerability discourse when it had more users, and it quieted down as the user base shrank and people stopped deploying it as a general purpouse server OS. In a slow moving niche OS I wouldn't put much weight on low volume of public security problem discourse especially in face of apparent architectural problems.
Yes it's a fork of OpenSolaris. Companies are running clouds with it, with containers of different clients running next to each other on bare metal (no VM to re-isolate). If it was so easy to exploit it would have been done already wouldn't it ?