I love CyanogenMod (or at least the concept...I'm over dealing with the headache in practice), but the reason I used it was certainly not for improved stability and security.
Not that I particularly trust OEMs/carriers, but the only way I'd feel more secure with CyanogenMod is if I had time to audit the source and build the kernel and OS binaries myself, and that includes whatever code is used to root and unlock your device in the first place. If you do that though, more power to ya.
Also, disabling permissions at runtime is a foolproof way to make an app crash, as the vast majority of apps will assume they're granted the permissions hardcoded in the manifest at compile time.
One last point - rooting your phone and granting apps root access just to disable crucial permissions such as holding a wakelock seems pretty reckless - have you personally seen the source code for that app? At least the dev's website seems legit: http://www.findsdk.com/
EDIT: Even better, looks like the author of App Ops, or at least the owner if the findsdk.com domain, is in China :) https://who.is/whois/findsdk
IIRC, Privacy Guard simply returns empty sets of data instead of just revoking the permissions so the app shouldn't crash. It probably will lose functionality, but by actively turning on PG you're signing up for that.
CyanogenMod's "deny permission" behavior is largely the same as XPrivacy's, but way less fine-grained (and way easier to use). Basically it just returns "empty" data for requests - it doesn't revoke the permission, because yes, that would cause crashes.
The vast majority of applications work with this with no problems. They just won't e.g. show your contacts.
It is really a shame that Android doesn't provide this feature enabled by default anymore (as they did for at one point). It could easily be provided with a warning that this might break your apps and use with caution.
Security often has a UX trade-off, that doesn't mean it can't be handled well by good design.
As someone who is working on a (secure) Android ROM, I don't recommend trying to build the kernel from source unless you're serious about doing it, the Android repo build system is a mess and will take you hours to get working right.
This reminds me of the recent fireside android chat at I/O where someone said something like "I need to be prepared for although I got the permission, it might not be there".
...and they said "We work on the Play Store, and uh... that's not something we have any idea about"
"No, I think he's talking about the ROM's that let you take a permission away. Wanna talk about AppOps?"
Not that I particularly trust OEMs/carriers, but the only way I'd feel more secure with CyanogenMod is if I had time to audit the source and build the kernel and OS binaries myself, and that includes whatever code is used to root and unlock your device in the first place. If you do that though, more power to ya.
Also, disabling permissions at runtime is a foolproof way to make an app crash, as the vast majority of apps will assume they're granted the permissions hardcoded in the manifest at compile time.
One last point - rooting your phone and granting apps root access just to disable crucial permissions such as holding a wakelock seems pretty reckless - have you personally seen the source code for that app? At least the dev's website seems legit: http://www.findsdk.com/
EDIT: Even better, looks like the author of App Ops, or at least the owner if the findsdk.com domain, is in China :) https://who.is/whois/findsdk