I've never heard Andrew say you shouldn't use Zig in production because of "security vulnerabilities", but simply because Zig is quite immature (expect bugs including segfaults in perfectly "good" code) and changing constantly, not something anyone should want in a production setting.
Honestly. In a world in which JavaScript is the number one language, I’m walking back on the idea that “instability means no good for production”.
10 years ago, I thought for sure that JavaScript devs were eventually going to get sick of breaking and deprecating changes, but they’re still going strong with picking frameworks that just don’t give a shit, switching to new breaking toolchains, etc.
It seems that there are A LOT of developers willing to put up with a whole lot more than I am.