This statement conflicts with other statements here -- is this actually true? It sounds like a security hole.

if you have exec permission (pledge "exec") you can exec another program and it starts with a clean slate. It's about dropping privileges so it's assumed you know what your doing and in the best case scenario the executed binary will pledge itself.

Pledge is not some external security feature but something that every program itself manages.

Why not just pledge not to exec?

Fork and exec are different operations.