>can be fairly safe memory-wise (written a million lines of code in C)

We are currently in a thread where a major application has a heap corruption error in its CSS parser, and it's not even rare for such errors to occur. This doesn't seem true.

>But automated package managers etc can bring in code under the covers, and you end up with something you didn't ask for.

Last year there was a backdoor inserted into xz that was only caught because someone thought their CPU usage a little too high. I don't think the whole "C is safer because people don't use dependencies" is actually sound.