What would be really secure would be a language that actively tried to stop you from doing stupid things like requiring that database queries be parameterized. Don't provide any APIs for running database queries without parameters. Sure you could still construct queries that didn't actually use the parameters, but it would at least get you off to a good start by forcing you to pass them into the function. You could even parse the SQL and throw an error if a value was used where a parameter should be. You could also force checking for a token when submitting forms to ensure CSRF is not being done.
Very much agree on this. The newer Zelda games make it quite hard to get lost. All the bombable walls are well marked. In the old days you had to bomb walls at random to find them. The second quest was worse, where they introduced the new concept of simply walking through the walls after walking into them for a few seconds.
However, on the flip side, most games are much longer now, and it would probably take a lifetime to beat them if you had to start at the beginning each time you died.