No, rather the API changes rapidly so nVidia and ATi have to port their drivers to each and every individual Linux kernel version whereas with Solaris kernel I've gotten the impression the drivers just work with new kernel versions. I've been told this is a good thing because it discourages writing closed source kernel modules.
The license/freeness thing was related more to the the drivers not getting shipped with the LiveCD's. It might be though that I'm wrong on this second part and it's a deliberate choice that LiveCD's don't usually come with proprietary drivers.

The problem with so called "stable" APIs is that they may have unresolved bugs and design flaws go unfixed for years in the name of compatibility. I dont know of many APIs that are stable especially ones that have gone unchanged for years on end. I dont think "stable" is quite the proper term to use... Stable appears to be an antonym in this case...

I actually develop a LiveCD for my own personal use. I keep it updated on a regular basis, and with all of the tools and stuff I need to do my job. Even though I am the only person who will ever use this livecd I chose not to use the proprietary drivers simply because the open drivers are far more stable. See theres that word stable. Stable in this case actually means something valuable. Even though the code is highly experimental with a with a bunch of brand new activity in every part of the stack.... Even through all of this it is still more stable than the proprietary drivers. That says something important that we all need to pay attention to.

Stable in this term pretty much means "does not change", I think. Stuff gets fixed behind the API, the API itself remains static. And yes, now you do know at least one. Solaris. Anyway, this is getting plenty offtopic, I just meant to reply to a post that there's a good reason nVidia kernel modules work with new Solaris kernel versions always...

I peice of junk that doesnt change is still a peice of junk. If you have an API with a function that is used by 20% of the applications that use that API, and later on find out that function can be used to exploit the system for something, in a so called stable API that exploit canot be fixed without breaking compatibility with 20% of the applications that use the API......

And sure I do now of a few stable APIs but the Solaris kernel definately is not counted as one of them. The thing that makes Solaris worthless for most people is its total utter lack of hardware support for some of the most common hardware on the planet. And even the few drivers it does have are mostly half-assed and broken on everything but the few revisions of the hardware that the developers had........

EDIT: See thats why I like the GPL. I can actually look a the code and modify it to work with my hardware. Granted I'm not a programmer, but many other people are. The point is that through the GPL I can help improve the driver for my needs. I think in the end provided that enough interest exists it is possible t5o take a craptastic driver and turn it into an awesome example of the power of open source. We are seeing that right now with the open source ATi drivers.I think it could have been done quicker if ATi had committed itself more fully than it has, but it is there own loss not mine.

API's can't really have exploits, API *implementations* do. You can still fix the implementation while keeping the API as it was. You don't remove the function, you just make it safe. Your reasoning sounds pretty much like FUD. (let alone that many times the myth that the API gets changed only to fix exploits stays a myth and it seems it in most cases it just gets changed because stuff gets marked unused by main kernel tree modules, then eventually it gets dropped out altogether even though there might have been tons of stuff outside the main kernel tree that used it that simply never got integrated in the kernel tree)

in the argoment of stable api: http://www.kroah.com/log/linux/stable_api_nonsense.html

There is a flag in the kernel to disable all non-GPL modules.

I never said that is the only reason broken API's get dropped, but I certainly do believe it is an important one. Now some people call everything they hear that they dont agree with FUD. You may or may not be one of those people, but I cant quite explain why you attempted to call my argument FUD. Was I trying to make you fear what I was saying? Was I trying to make you uncertain of what I was saying? Was I trying to make you doubt what I was saying? See I dont understand how in your mind FUD applies. Why would I purposely make you fear or uncertain of or doubt what I was trying to say?

EDIT: And about dropping old and crusty API's that dont get used by in the kernel tree, That is a freakin fantastic idea. All I can say is that thank god I dont have a 16GB kernel.......... I hope and pray, yes pray, that Linux never develops its version of winsxs....

Well, yes. Admittebly API has to be allowed to live and old versions of the API have to eventually be droppped. This simply because no sane person manages to predict every use scenario so the attempt for the API will be wrong. This has nothing to do with security holes though. So yes, I admit API has to go through changes (after having doing some conversing Elsewhere (tm)) as part of its natural evolution to better cope with tomorrow's challenges which simply weren't thought of yesterday.
But yeah, I still stand by my claim that saying actual API changes due to security reasons makes no sense whatsoever. (FUD as in the sense that the reasoning you gave is not only false but it was directed towards the emotional core of every admin: security. It's a bit like drawing child porn card in an arbitrary network filtering conversation, really Drawing them randomly when they're not actually related to the matter at hand is meant to be a conversation killer and an "I Win" card)