[SwellJoe]

I believe it'll be interesting to see how things shake out when we start seeing languages implemented in Rust. We already have a wide variety of languages for the JVM, which I believe most everyone would agree is a safer environment for a language than C, and I'd bet the theory above holds up. I don't know enough to know how to test that theory, however.

Basically, I think the "newer languages" comment refers to the implementation language (C being the most common today, but probably not for more than a few more years) rather than the language itself (Perl in this case). Though I think you're entirely right that surface area plays a big role. I would be willing to bet that Perl 6 will be more secure (by some definition of "more" and "secure") than Perl 5, because the surface area of Perl 6 that is in C is much smaller (the VM, with most of the language itself being written in a subset of Perl called NQP, or Not Quite Perl).

[rurban]

Not because the surface area is smaller in perl6, only because with GC those use-after-free bugs do not happen. Only with refcounted VM's, where it's easy to access a value with refcount 0. With a GC other memory bugs are common: Forgetting write-barriers, forgetting roots, external data.

And since most of the old dynamic languages (and also the new conservatives ones) are refcounted, the most common error is use-after-free, and then buffer overflows (heap or stack).

off-by-one is common to all systems.

Since I know perl5 and perl6 internals inside out I wouldn't bet that perl6 is more secure than perl5 at all. The perl5 is more hairy and eroded over time, but the perl6 vm is not really battle-proof and way too slow to be serious.