If you are talking about Linux distros, I think it makes more sense to use a stable distro instead of a solution such as Gentoo, which is more focused on performance and the latest packages. Indirectly, using the latest packages potentially means more security problems, compared with using a slightly older package that has fixes.
Just as an idea, in the case of Linux, have you already taken a look at kernel patches?
For example, grsecurity?
Have you already taken a look at Access Control Lists (and other similar solutions) for finer-grained permissions of the users on a system?
Etc.
The safety aspect is fascinating, and the few who can get the necessary skills earn lots of money ...
Generally, I think it is better to focus your time (time isn't infinite) on these kinds of aspects instead of building or using an OS from scratch.