One of the features of this webserver is that chroots to a directory. Meaning that, to the web server, anything before the given directory (/var/www by default), does not exist. So if a vulnerability is found, the attacker can’t do much things, as the attacker can’t go beyond /var/www.
Apparently, chroot is not a security feature on Linux. Is that true on *BSD?
As chroot(8) caveats sections states:
so chroot(8) like the article states it is a hardening feature even on OpenBSD.