All I mean to say is that the implication that the Rails community has been particularly lax over security issues is simply false.
Is there room for improvement? Yeah, probably so.