by m34 1963 days ago
Not in infosec but probably b/c you'd have to jump some hoops to get your code to have "side effects" with functional.

So from a security perspective it's way easier to review/audit functional code.


Yes, in general a pure function that takes in data and returns a result without reaching out of the function itself (in general that's a side effect) is usually more secure. There are certainly exceptions to that rule, like parsing data formats, however. Also most pure functional languages make you isolate side effects, which makes security auditing easier. For example, I was an application security engineer for both a Ruby company and an Elixir company, both of which I'm sure you have heard of and both had excellent developers. The Ruby shop (which in general I'd say had a higher talent level) had far more security issues in the code than the Elixir team. Both had vaguely similar use cases and threat modeling also. I do believe that functional programming tends to lead to more secure code.
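An added illustration of the point made in this thread (example code written for this page, not code from either commenter or their employers): the same access-control decision written once as a function that reaches outside itself for state and once as a pure function whose inputs are all parameters. Ruby is used only because the thread mentions it; the user and resource hashes, the `$current_user` global and the audit log are constructed for the example.

```ruby
# --- Impure version: reads hidden global state and writes a log from inside ---
$current_user = nil   # set "somewhere else" by request-handling code (hidden input)
$audit_log = []

def can_read_impure?(resource)
  user = $current_user                         # hidden input: not visible in the signature
  $audit_log << "checked #{resource[:id]}"     # hidden output: side effect on global state
  !user.nil? && (user[:admin] == true || user[:id] == resource[:owner])
end

# Two simulated requests where the handler forgets to reset $current_user
# between them. Auditing can_read_impure? alone cannot reveal this: the
# reviewer has to find every writer of $current_user in the whole codebase.
def stale_state_demo
  doc = { id: "doc-1", owner: 42, body: "constructed secret" }
  $current_user = { id: 42, admin: false }   # request 1: authenticated owner
  first = can_read_impure?(doc)
  # request 2 is anonymous, but nothing cleared the global, so the stale user leaks through
  second = can_read_impure?(doc)
  [first, second]   # second result is the bug: an anonymous request was allowed
end

# --- Pure version: every input is a parameter, the only output is the return value ---
# Reviewing this function means reading exactly these lines; nothing else can change its answer.
def can_read?(user, resource)
  return false if user.nil?
  user[:admin] == true || user[:id] == resource[:owner]
end

# Thin shell where the side effects (audit logging, returning data) are isolated
# at the boundary, in the spirit of the "isolate side effects" point above.
def handle_read(user, resource, audit_log)
  allowed = can_read?(user, resource)
  audit_log << { user: user && user[:id], resource: resource[:id], allowed: allowed }
  allowed ? resource[:body] : nil
end

if __FILE__ == $PROGRAM_NAME
  p stale_state_demo
  log = []
  p handle_read(nil, { id: "doc-1", owner: 42, body: "constructed secret" }, log)
  p log
end
```

The pure `can_read?` can be tested exhaustively against every combination of caller and resource with no setup, while the impure variant's behaviour depends on whatever the last request left in `$current_user`, which is exactly the kind of state a code audit has to chase across the whole program.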