by jospoortvliet 3667 days ago
That is true, yes. Base Ruby or C or PHP make it easy to make entire classes of mistakes you won't get using certain other languages.

But many of these problems can also be caught using the right tools and framework. With Ruby, using Rails will eliminate entire groups of risks you would have without it.

This is the same with PHP and frameworks like Symfony - which, incidentally, we use large parts of. And Lukas has been working a LOT on doing this kind of work, making sure we eliminate types of problems and mistakes developers could make. Combined with training (giving talks and workshops on writing secure code to our developers at events), code reviews by him and others, static code checking and so on, you get something that is really quite secure.

I am confident enough to say that our code base is the most secure way of sharing and syncing files using open source. Of course, before you or somebody else brings it up, SSH and rsync make for a more secure experience but that's not exactly what Nextcloud competes with so perhaps add 'that gives a Dropbox-like experience' to the above qualification :D