
The assumption that JS is more secure than C.


Given that it doesn't allow for pointers pointing into places they should not, null-terminated strings without a terminator, arrays that decay into pointers, double free(), buffer overflows, stack corruption, ...

I would say, yes it is more secure.


Interesting, maybe we should port OpenSSL to JavaScript...


I just meant JavaScript is more secure than C, not that everything should be rewritten in it.

As for OpenSSL, better ask Apple developers for advice. They know all about how C helps security experts keep their jobs.


Hm, and what is the runtime written in?


There are only two big open-source JS engines (Mozilla's whatever-monkey-it-is-now and Google's V8).

This means that a lot more eyeball-power went into inspecting those for security issues than into inspecting a messenger - simple reason: a bug in V8/xMonkey would fetch far, far bigger reps and money than finding a bug in Pidgin.

Always remember: given enough eyeballs all bugs are shallow.


C is just one among many languages that can be used to write runtimes in. There are other safer ones, that people tend to ignore but are almost as old as C.



