My experience is that the crucial point of security is quality of code. The programming language can only slightly help, but cannot guarantee some reasonable security.

From my perspective, why m^3 does not specify the security requirements of particular applications? It would spare his time when he will not concentrate on technical specialities, for instance, programming language...