You'll get no argument from me that a language needs direct access to memory. My problem is that the difference between correct code and exploitable code is extreme diligence on the part of the programmer, which fails constantly. [Arguably static analysis type tools can help a lot, but, that's just trying to recover from an already bad situation.]
For example, in the prequel to the OP's article (http://googleprojectzero.blogspot.com/2014/07/pwn4fun-spring...), the original bug was overflowing an unsigned int. You should be spitting out your coffee! (/beverage of choice) How can it be be that a (presumably expert) programmer can write code that silently overflows integers by accident?
"It's 2014 and this still happens." That's my favorite non-argument. It's not constructive but it expresses how I feel. We're well past the years where people have had time to reflect on the fact that people have already struggled with and tried to solve the problem that this should simply not be possible. I don't need a fancy type system to enforce 'checked integers' are the only things that are passed to to my memcpys - but I do have to be willing, at some point, to discard the broken versions of the same thing I've been holding on to for 30 years in favor of something less perilous.
Oh, and, if you read the rest of that prequel article, the person who fixed the bug missed something else in doing so. They're adding overflow-safe versions of 'size_t' and 'unsigned int' together. Again, embarrassing. Not for their error, but because we-as-a-species are still writing code where that mistake can be made, and then not doing anything about it when it inevitably happens.
