Not sure what the "considered harmful" implies here. It's clear what Djikstra meant, and it's not about removing goto altogether. Goto is still used as a best practice in many situations (e.g. error cleanup in the Linux kernel), and is very useful in other domains too (e.g. generated code for parsing, state machines, etc).
As for the vulnerability, while it is real, it's not related to the language.
And not even sure what "I’m staying away from any language with vulnerabilities like these" even means. As if other languages/compilers/etc, even established ones like C/Clang-GCC, Java, Javascript, etc don't have any?
The vulnerability was acknowledged and fixed in 1 day. If that's indicative of the type of response the project's authors have, color me impressed. Also, this post is for version 0.2. I ain't scurred for personal projects.
Author of that secvuln report here. It was fixed by the playground server being decommissioned. I do not know the exact timeframe of any fix that was made to that playground service. Pedantically, I guess the server being permanently decommissioned could count as a fix. However it does not bode well.
It came from the same developer. The mere fact that he was that sloppy in securing a publicly-facing service to leave a vulnerability so severe and so easily discovered should have you asking: why should I believe that anything else in this project is any more robust and secure (and will be in the future)?
As for the vulnerability, while it is real, it's not related to the language.
And not even sure what "I’m staying away from any language with vulnerabilities like these" even means. As if other languages/compilers/etc, even established ones like C/Clang-GCC, Java, Javascript, etc don't have any?