I agree that shared libs is normally best, as it would be insane to static build gtk2 and deps into every gtk2 extension.
When openssl-1.0.1 is released, then if we are using a shared 1.0.0 extension, we simply are stuck with 1.0.0 as it is only compatible with lettered point releases (1.0.0a is compatible with 1.0.0e, but not with 1.0.1 for example). Or we would have to embark on yet another migration, away from 1.0.0, making a libssl-1.0.0 extension to satisfy existing apps and creating a openssl-1.0.1 extension.
With as much effort that goes into keeping most apps up to date, a static openssl would allow each update to use the latest openssl. A shared openssl would leave us stuck with a particular openssl version for a long time, regardless how up to date the dependent app is kept.
Openssl seems to update it's number release every couple years, but we have been using 0.9.8 for almost 3 years now, and it will be a long time before we will be able to retire it. Extensions seem to definitely be updated more often than openssl number upgrades. We can think about it further, but I like the idea of keeping a current openssl, and never having to migrate again unless one takes the option of rebuilding against openssl when it is updated.