
I gave specific examples of modern C codebases for which lots of attention had been paid to security that subsequently suffered vulnerabilities stemming from memory corruption. You respond with "garbage collected languages are nice but they're really just an extension of the general principle of minimizing the trusted codebase", which is nonresponsive to my point. We agree: we disagree.

I don't think it's negligent to write things in C. I like C, a lot; it's my first language. But stop kidding yourself that with just a couple modern development practices you'll produce code in C that is comparably secure to Python or server-side Java. You won't.




In some ways, C is more secure than Python because it doesn't support eval. Things like pickle can easily be abused.

Also, I notice you completely snipped the point about using process separation. Sigh. Mistakes of the past, doomed to repeat, and all that.
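
Added example, not part of any comment in this thread: the pickle point above, shown with Python's standard `pickle` module. A pickle stream can name a callable for the loader to invoke, and an `Unpickler` subclass that refuses global lookups still loads plain data. The class and function names and both sample streams are constructed for this illustration, with `len` standing in as a harmless callable.

```python
import io
import pickle


class CallsOnLoad:
    """Constructed sample: its pickle tells the loader to call len("abc")."""

    def __reduce__(self):
        return (len, ("abc",))  # harmless stand-in for any importable callable


# Both byte strings are constructed here for the demonstration.
CONSTRUCTED_STREAM = pickle.dumps(CallsOnLoad())
PLAIN_DATA_STREAM = pickle.dumps({"user": "alice", "roles": ["admin"], "n": 3})


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only scalars and built-in containers load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def load_default(stream):
    """What pickle.loads does: resolve and call whatever the stream names."""
    return pickle.loads(stream)


def load_data_only(stream):
    """Load with the restricted unpickler; raises on any global reference."""
    return DataOnlyUnpickler(io.BytesIO(stream)).load()


def is_blocked(stream):
    """True if the data-only loader rejects the stream."""
    try:
        load_data_only(stream)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print(load_default(CONSTRUCTED_STREAM))   # the loader ran len("abc")
    print(load_data_only(PLAIN_DATA_STREAM))  # plain data still loads
    print(is_blocked(CONSTRUCTED_STREAM))     # callable reference refused
```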


C does support eval. C calls it "trying to copy strings".


I'm really annoyed by your refusal to stay on topic. I pointed out a specific problem with security in many higher-level languages: the presence of eval and eval-like constructs in the language. You changed the topic. I pointed out that minimizing the size of the trusted code base, and reducing the privileges with which code runs, is the foundation of any successful attempt to make secure coding easier. You changed the topic.

I'm really tired of the ideology that everything written in C is insecure, and everything written in higher-level languages smells like roses. Should we be surprised that things like WordPress, Ruby on Rails, and even client-side Java are riddled with security vulnerabilities? Well, when programmers refuse to learn from the mistakes of the past, and think using a higher-level language is a magic elixir for achieving security, it's not a surprise.



