by thisismyhaendel 4006 days ago
It is NOT clear from that article. ROP can occur on the heap and CPI is bypassable (although safestack is a great contribution, and frankly it's about time). There is great literature on this issue already (see many forms of the Control Flow Integrity defense), and many solutions that exist come close to full security without providing it (CPI only protects code pointers, and side-channel attacks that work through data pointers can still achieve arbitrary memory reads and writes). In particular, use-after-free vulnerabilities still exist. Without full memory safety, exploits of these types will always be possible.