I understood why you like tracking a security branch as I have been admining *nix boxes for 15+ years.
Where that approach fails is that as a sysadmin one of the responsibilities is to provide good tools to the user, not reduce work for the sysadmin. The user might be a SaaS platform, developers or more traditional (l)users. Regardless, you want your platform to be stable and efficient from a user perspective. Tracking a "Security" branch only give you one of those in many cases.
It's an apples to oranges in some regards because FreeBSD OS patchsets are essentially the "Security" branch while ports is a different issue(and one the user is most likely concerned about).
Where that approach fails is that as a sysadmin one of the responsibilities is to provide good tools to the user, not reduce work for the sysadmin. The user might be a SaaS platform, developers or more traditional (l)users. Regardless, you want your platform to be stable and efficient from a user perspective. Tracking a "Security" branch only give you one of those in many cases.
It's an apples to oranges in some regards because FreeBSD OS patchsets are essentially the "Security" branch while ports is a different issue(and one the user is most likely concerned about).