It's just that out of these two claims only one is interesting and worth talking about (and that's the one mentioned in the title).
Thank you for your testing! That's a bunch of effort which I didn't do - but checking the other claim is much more difficult; a refusal is clearly visible, but saying whether out of two different codebases one is systematically slightly less secure is quite tricky - so that's why people are complaining about the lack of any description of the methodology of how they measure that, without which the claims actually are not testable.
One is more concerning, yes, but I'm asking for help vetting.
In either case, just blindly accepting or blindly rejecting the claim is unhelpful. Clearly the OP is blindly rejecting, as well as many other comments. These are unhelpful and just perpetuate misinformation campaigns (who's goals are to create chaos, more than they are to create a specific point of view).
So I want to ask, what are your comments contributing to? Why are you passionately attacking my comment? What is your vested interest here? Because I don't see this, or the similar comments, contributing much. Can we try to not be so quick to make conclusions and try to figure out the truth? Why are we arguing instead of trying to verify? I do value your opinions, but let's also make sure we know if they are pure conjecture of there's some evidence (even if minor). We can verify the claims, so let's try.