Cargo is just as vulnerable as NPM. It's just a smaller, more difficult target.