My problem is that you talk about insecurity because you saw "in C", yet you have not actually reviewed the code. You simply concluded (allegedly) that it is unsafe because it is written "in C". Review the code first. Written "in C" does not automatically make it unsafe. Do you agree?
That is my only problem.
Yes, I agree that every developer should know how to write C (useful skill, reference implementations should be written in C due to its simplicity), but I do not think that using C for writing a web framework is a bad thing. To each their own. It might have issues, but as I have said, it can be analyzed and reviewed through the methods I have previously said so[1]. I have no clue if this code has any issues, I have not reviewed it myself, so it is for not me to claim either way.
Are we in a disagreement or not?