Hacker News
by kotutku 2436 days ago
Does this badge imply that the project doesn't have any external dependencies? What if another Heartbleed or a vulnerability in the language itself is found?
1 comments

Nope, the "no maintenance intended" explanation definitely does not mean that the software is free from vulnerabilities. If you want to use an unmaintained project, you should look at its dependencies and assess for yourself whether it's a better idea to use the project or rewrite your own version. In many cases, it's best to fork the project and maintain it as if it was your own code.