So they have no issues with monitoring your web site, they have no issues with breaking your web site… so when they say they are going to monitor your website to make it faster does that mean they’ll break it faster?
Every language is insecure in its own way. It’s (usually) not the language (adobe flash), but how they use it which determines how secure it is.
You can have immutable and type-safe data structs in JS (Typescript) just as well as you can have mutable structs and type-inferencing variables.
For example, Wordpress uses PHP and without proper hardening, those sites are ripe for auto-exploiting. Is PHP insecure by default? No, but its how it was implemented.
Before people wrote shitty php code, they wrote shitty perl code. So in the early days, you had a bunch of perl daemons running the web. Now, people write shitty js, and in the future, they might continue to do that or find something else.