That's not actually true. A browser is not as secure as it's engine. The thing is really more complex than that.

There are configurations concern, certificates, security layer, apps/plugins/add-ons, bugs within the ui layer...

Sure, but the bulk of the issues are in the renderering engine, and for that they are sorted.

I know, it's the exposed part after all, but still I wouldn't recommend it as "secure as safari".

WebKit isn't the only possible source of insecurity in an app that uses it. It may not even be in the top 10 versus things like image and font rendering libraries.