
It's much better than the old days. pkgng and freebsd-update make it pretty straightforward to keep updated... not really any different than on any of the Linux flavors I use. The ports tree is hooked up with pkgng too, so you can mix and match (before they used to recommend you only use one or the other).


The major problem is at an enterprise scale (hundreds of thousands of servers and above) it becomes untenable due to the nature of ports tracking upstream and constantly in flux.

It makes it difficult to support the applications and services that run on the OS as a result.

Whereas with something like RHEL/CentOS, we're guaranteed stability for years and can patch without too much concern of major breakage.

This is the part that really appeals to most enterprise users.


Everywhere I've worked (from places with a handful of VM startups to 20k machine enterprise) it's also a cop out to completely abandon care and feeding of systems. I call it Long Term Suck, and I've yet to see a place where it has not caused long term harm to an organization big or small. If you aren't equipped to deal with gradual shift in API of dependencies, you shouldn't be doing whatever you're doing or the code has a half life and should be trashed after the employees that understand it have moved on.

What _is_ important is ABI stability of the kernel, because it lets you figure out how to deal or not deal with Long Term Suck on your own terms and lets proprietary software vendors figure out independently how they want to deal with it. Both Linux and FreeBSD kernels do this pretty well.


The recommendation from the guys in #freebsd in freenode was for [you] to build pkg's yourself from ports, which means you always have versions you know work lying around.

I thought it was a nice idea, and they really push this as being "an easy thing anybody should be able to do".

which fits with my philosophy of "servers should not have/use compilers"


Why do you feel this way? Security?

If I can get a shell on your server I will just download my own compiler.


no, it's that there should never be a need to compile on machines dedicated to a purpose.

I don't need source files, I need a machine to be a compute node.. or a storage node.. what use is a compiler if I do it right..

the new generation of this is: "I should never need to shell into my machine if I did config management right."


I understand and agree with that.


There is a stable/quarterly ports tree now and it's the default package set. It's not so caustic anymore.



