(employee here) We do take security very seriously and have been able to deliver a 24 hour turn-around when there are Chromium updates (like the recent zero-day bugs which were patched in C78). We also have a bounty program open via hackerone that we take seriously which has helped us improve: https://hackerone.com/brave
Can't you make the exact same argument for people using Firefox or Chrome? That malware on your computer might be able to get at your browsing history is a risk with all browsers, not just Brave.