Gee, if that was the criteria, I'd be banning Java at work. Because I've seen first-hand a number of Java devs writing absolutely stupid things resulting in a heap of vulnerabilities.
The reality is that you get a bunch of stupid developers, and it doesn't matter what language you put in front of them, they're going to write stupid code. The people who've worked under me in perl don't get the opportunity to write code that dumb because a) I provide a saner framework work in where those gotchas are centralised into common functions and objects, and b) I code review everything that goes in until they acquire a better knowledge base to work from and then I do spot reviews and review anything they feel, with their now better experience, might be tricky and should get extra eyes.
I don't care what language you're working in. If you don't realise that calling the shell with special characters that you didn't know you had will cause problems, it's the developer at fault, not the language. I don't care if it's cmd = "do-stuff " + tainted_value; Process p = java.lang.Runtime.exec(cmd); or my $cmd = "do-stuff $tainted_value"; my $rc = system($cmd);, that's going to result in broken code. If you don't realise that doing the same thing with SQL is going to cause problems, you shouldn't be doing SQL. Or running a subprocess, waiting for it to exit, and THEN reading its stdout. These are all common things, in my experience, and most of them I've seen in Java code, though I do get to work with some nimwits in a different reporting chain using perl stupidly as well. I don't ascribe the bad code to the language, but to the bad developers. Maybe you should look, too, and you'd find it's your developers that are the problem, not the language.