In 2020 the number one OWASP security risk is injection and I don't think anyone's arguing that the current crop of languages are all crap.
Evaluating a language without judging what kind of projects it enables is nonsensical and leads to pointless language ivory tower discussions. I'm sure that also back then there were all sorts of awesome programming languages that nobody was using, but checked all the boxes that would make the average HN language enthusiast happy.
As a counterpoint, the number one cause of death in America in 1950 was heart disease. It’s also the number one cause of death today. We’ve still made a lot of progress in treating heart disease in the last 70 years.
What kind of progress have we made since 2005 in preventing (not treating) SQL injection? I remember reading a book about PHP security that year where escaping strings and bound parameters were mentioned.
Just don't construct SQL queries by directly concatenating user input. It's easy to mess up or use the wrong escape function, so always use prepared statements anywhere you want to pass user-defined data.
You can usually grep or even use static code analysis to help find where your existing code is using "tainted" data to construct a query.
Also, if you use an ORM, you'll generally be working at a high enough level where SQL injection is impossible (unless there's a bug or design flaw in the ORM), since you won't be directly dealing with text queries.