The project is a framework for building applications on top of. The issue isn't the framework code. It's the application layer code that gets written and maintained for years to come on top of what may well be a brilliantly written framework layer.
Given that you don't disagree that C is an inherently riskier language to write in than memory managed languages, I can only conclude that what you're opposed to is the fact that I'm saying the quiet parts out loud. I'm not saying the quiet parts for you, you know them, I'm saying them for the junior devs who stumble across this page of senior devs waxing poetic about how wonderful C is. Every dev should know how to write C, but it's equally important to know its generally the wrong language to choose for a web server, which is what's being discussed here.
My problem is that you talk about insecurity because you saw "in C", yet you have not actually reviewed the code. You simply concluded (allegedly) that it is unsafe because it is written "in C". Review the code first. Written "in C" does not automatically make it unsafe. Do you agree?
That is my only problem.
Yes, I agree that every developer should know how to write C (useful skill, reference implementations should be written in C due to its simplicity), but I do not think that using C for writing a web framework is a bad thing. To each their own. It might have issues, but as I have said, it can be analyzed and reviewed through the methods I have previously said so[1]. I have no clue if this code has any issues, I have not reviewed it myself, so it is for not me to claim either way.
Are we in a disagreement or not?
[1] See https://news.ycombinator.com/item?id=45527495.