My subtext isn't very clear: there are other projects that haven't totally mastered handling vulnerabilities, but few people will fault you for using them. Rails is different because it has a personality cult, which makes it easy to personalize an issue that is a dry inconvenience for other popular packages.

I'm not sure I'd put Postgres alongside Linux and Rails in terms of handling security issues.