Xpenology is secure, as long you don't directly connect it to the interwebz.
Use a VPN to connect to your nas. This way you will be safe for a newer version of CryptoLocker.
As for software updates:
- As long the bootloader keeps working you can install updates (Use a VM to test this)
- Some parts of DSM are opensource (see: http://sourceforge.net/projects/dsgpl/files/ )
I had the same problem as you have when i builded my NAS.
The interface from freenas / nas4free is just too ugly for my, i like eye candy xD.
At the end, i took the gamble and picked xpenology, and never looked back =).