Debian (stable) is a well respected server Linux distro. I was surprised to see that in their hardening walkthrough (https://wiki.debian.org/HardeningWalkthrough) they do not support position independent executables (and ASLR and a few other useful security flags) in the latest stable build (Wheezy), while most other distro's do support these things.
Since Debian stable has stood the test of time, I am thinking I must have assumed these security features are a lot more important than they actually are in practice.
Can someone explain why Debian is able to get away without having these security features and yet not be hacked to the stone age every day?