And their assumption is wrong. The compiler should be where the responsibility is to prevent insecure code from even being able to compile. Depending on thousands of individual developers means having to trust each and every developer, and why would you want to do that? It increases your risk for zero gain. On the other hand, if you use a secure language, then you only have to trust the developers who write the compiler and design the secure language.
The fewer developers you have to trust, the lower your risk.