The qmail package has a number of patches to fix things and add functionality. In this state the djb reward for find a security bug is not applicable. All this added functionality definitely increases the likelyhood of a security vulnerability existing. If you do not need any of the added functionality and value security I recommend you build qmail from official sources and do not uses these packages or any 3rd party patches.
SMTP TLS/SSL capability (RFC 2487) is provided by Frederik Vermeulen's patch which can be found on the qmail-tls website.