>>15
It's just an example. The de facto libraries for SQL in C have prepared statements, as do the de facto libraries for SQL in other languages. Yet programmers still bypass them because the programmers "know better" (maybe they're clever?), or sometimes because the programmers do not read or do not understand the documentation. It's not "perversely horrible", it's merely mediocre, and there are a lot of programmers who do this kind of thing on a day-to-day basis. (I've maintained their code, too.)
My point stands: it is easy to write insecure software in any language. It sounds like you're arguing against a point I didn't make. If you think there's a reasonable language out there which makes it genuinely difficult to write insecure software, that truly protects against user stupidity, please enlighten me.
Languages are not secure or insecure. Systems are secure or insecure.
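
The point about bypassed prepared statements, as an added example that is not part of the original post: Python's standard `sqlite3` module offers bound parameters, yet a query built by string concatenation in the same memory-safe language still lets input rewrite the SQL. The table, column names, rows and inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Return an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("o'brien", "c-secret")],
    )
    return db


def lookup_concat(db, name):
    """Bypasses the parameter API: the input becomes part of the SQL text."""
    query = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]


def lookup_bound(db, name):
    """Uses a bound parameter: the input is only ever compared as a value."""
    query = "SELECT secret FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that closes the string literal

    # Concatenation: the WHERE clause is rewritten and every row comes back.
    print("concat, crafted :", lookup_concat(db, crafted))
    # Bound parameter: no user has that literal name, so nothing matches.
    print("bound,  crafted :", lookup_bound(db, crafted))

    # The same flaw also breaks ordinary input containing an apostrophe.
    try:
        lookup_concat(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concat, o'brien : query failed:", exc)
    print("bound,  o'brien :", lookup_bound(db, "o'brien"))
```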