Let's talk about security in Rust!
The Rust compiler has security guarantees that are quite foolproof, so the traditional RAII style of programming from C/C++ land becomes very safe by default, posing minimal (realistically, close to 0) risk of causing memory-related security fuckups.
And Rust is slowly but steadily gaining adoption - you see C/C++-written tools getting rewritten in Rust, or wrapped in a safe Rust wrapper, pretty much a few times a day.
Now, there are, of course, realistic and reasonable people who understand that Rust is definitely a net positive for the systems programming space, and that while it has productivity hits, the guarantees it gives might be worth it in the long run in many applications. There are also, of course, terminally online redditors who see some kind of agenda everywhere they look, but that's just a natural part of the Internet being The Place For Everyone (c).
Aight, back to the topic!
What I don't see people talking about enough is, in my opinion, the biggest security risk in Rust right now, which is the most awful ecosystem hygiene that has happened since npm. You see projects that are not even that complex relying on an insanely large number of crates. One of my biggest shocks dealing with this was packaging Alacritty, a relatively featureless terminal emulator, for the GNU Guix Linux distro (which is a source-based distro that insists on everything being buildable from source down to the lowest possible level). While doing that, I realized that after flattening Alacritty's dependencies there were like 300 3rd party crates it depends on! I don't remember the exact number, it was in 2019-2020, but it was somewhere in that ballpark! And some of these were different versions of the same crates due to cyclic dependencies. To my knowledge, the ecosystem isn't much better in 2025.
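To put a number on that kind of flattened dependency set, here is an added example (not from the original post, Alacritty or Guix): a std-only Rust program that counts third-party crates in a `Cargo.lock` and lists crates locked at more than one version. The lockfile content is constructed, `termapp` and `render-stub` are made-up names, and it assumes the layout Cargo writes, where only registry and git packages carry a `source` line.

```rust
use std::collections::BTreeMap;

// Constructed sample lockfile: crate names, versions and sources are made up.
const SAMPLE: &str = r#"
version = 3
[[package]]
name = "termapp"
version = "0.1.0"
dependencies = ["bitflags 1.3.2", "render-stub"]
[[package]]
name = "bitflags"
version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "bitflags"
version = "2.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "render-stub"
version = "0.3.0"
source = "git+https://example.invalid/render-stub"
"#;

/// Value of the first `key = "value"` line in one `[[package]]` table.
fn field<'a>(block: &'a str, key: &str) -> Option<&'a str> {
    block.lines().map(str::trim).take_while(|l| !l.starts_with('[')).find_map(|l| {
        let rest = l.strip_prefix(key)?.trim_start().strip_prefix('=')?;
        rest.trim().strip_prefix('"')?.strip_suffix('"')
    })
}

/// Returns (third-party count, local count, crates locked at more than one version).
pub fn summarize(lock: &str) -> (usize, usize, BTreeMap<String, Vec<String>>) {
    let (mut third, mut local) = (0, 0);
    let mut seen: BTreeMap<String, Vec<String>> = BTreeMap::new();
    // Every `[[package]]` table is one resolved crate in the flattened graph.
    for block in lock.split("[[package]]").skip(1) {
        let (Some(name), Some(ver)) = (field(block, "name"), field(block, "version")) else { continue };
        // Registry and git crates carry `source`; workspace/path crates do not.
        if field(block, "source").is_some() { third += 1 } else { local += 1 }
        seen.entry(name.to_string()).or_default().push(ver.to_string());
    }
    seen.retain(|_, versions| versions.len() > 1);
    (third, local, seen)
}

fn main() {
    println!("{:?}", summarize(SAMPLE));
}
```

On a real project, `cargo tree -d` reports duplicated crates from Cargo's own resolver.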
I kid you not, right now there's a leftpad crate that has almost 400k downloads on crates dot io over 9 years. I know, I know, `format!` can do the same thing in a built-in way now, that's not the point! The point is that it is only a matter of time before there's a huge-ass supply chain attack scandal in a critical Rust-based project.
And remember - Rust is not some punk-ass JavaScript that can't do much more than steal your useless Facebook cookies and get access to your AI-generated boomer slop - because who even runs JavaScript on the server, can't be me! Rust code with npm-inspired code ethics will run in some RING 0 kernel space of your enterprise wage overlord's mainframe, making your entire Megacorp Inc. a little bitch of your Overseas Partner. In fact, I wouldn't be surprised if something like this is already happening, because there's no way it's humanly possible to vet this many dependencies. Imagine a CrowdStrike-tier fiasco, but intentional instead of due to Occam's Razor.
I personally think the main reason behind this shitshow is the biggest technical issue with the Rust compiler itself - it's fucking slow, forcing people to slice their code into crates as thinly as they can to try to speed the compilation up and minmax the binary cache. I really want to believe that the Rust compiler will get much faster in the future (and credit where credit is due - the Rust team is actively chasing the ever-increasing complexity of the compiler, making it a bit faster every time), and that this issue will go away naturally, and that this is not some original sin brought on board by uncultured web programmers.
Overall, despite me not actively programming in Rust anymore, I'm still overly positive about it, and want it to be as good as it can be, and hopefully it will.