No matter your stack, you are occasionally going to have to deal with security vulnerabilities. Thankfully, rails at least is quick to issue releases which address security vulnerabilities. Back when I was working on java applets, I remember security issues in Java plugins which would persist for weeks, months, or even years.
My subtext isn't very clear: there are other projects that haven't totally mastered handling vulnerabilities, but few people will fault you for using them. Rails is different because it has a personality cult, which makes it easy to personalize an issue that is a dry inconvenience for other popular packages.
I'm not sure I'd put Postgres alongside Linux and Rails in terms of handling security issues.
^^ This is good advice. Maybe they should question their choice of platform - there are other options, some of which seem to have had a bit more forethought in their architecture and engineering.