I understand where you're coming from. But don't you feel that the security fixes are coming out in a timely fashion and once they're shut, they're gone for good? (At least that particular exploit)

Slowly but surely Rails will become robust because of this.