
My case wasn't that this would have protected me from past vulnerabilities in OpenSSL; my case was that OpenSSL is demonstrably crappy code. If code has a history of security vulnerabilities, odds are that it will have more in the future.


You make a fine case for not running OpenSSL at all, and a poor case for jailing OpenSSL. That would be nitpicking, except that you implicitly offer your strategy as advice for others.

It's funny that you're arguing this though, since, given your marketing message, I can understand making ineffective cost/security tradeoffs. I'm at some pains to say you're not crazy for doing it.


You make a fine case for not running OpenSSL at all, and a poor case for jailing OpenSSL.

Believe me, if there was a good alternative to OpenSSL, I'd be recommending it. Running OpenSSL in a jail is a horrible solution; but at least it's better than anything else.



