JVM's are written in C and C++, the CLR is the same. Which managed language do you suggest to use that was not built with C?
The point isn't to eliminate C code entirely, but to minimize the number of lines of C code that are executed.
If (statistically speaking) there will are likely to be N memory-error bugs per million lines of C code, then the number of memory-error bugs in a managed language will be proportional to the size of the interpreter, rather than proportional to the size of the program as a whole.
Add to that the fact that interpreters are generally written by expert programmers, and then they receive lots and lots of testing and debugging, and then (hopefully) become mature/stable shortly thereafter; whereas application code is often written by mediocre programmers and often receives only minimal testing and debugging.
Conclusion: Even if the underlying interpreter is written in C, using a managed language for security-critical applications is still a big win.