
The changes introduced are potentially extremely damaging. Take for example:

https://github.com/libressl-portable/openbsd/search?utf8=%E2...




What's damaging about reallocarray?


Did you read the article?

NetBSD's implementation, specifically with regard to how it handles deallocation, diverges from OpenBSD's - though its documentation is wrong.

LibreSSL (for example) will compile just fine on NetBSD, but as the logic of the two implementations differs, so too will correct memory management in LibreSSL. This is just one example of how a port of secure code can be made insecure.

So it doesn't have to do with reallocarray specifically. It has to do with drawing out the security implications of the article under discussion.



