While I broadly agree with your argument, I have to point out that the Heartbleed exploit was due to the OpenSSL devs forgoing the system's malloc implementation and rolling their own abstraction for performance reasons.
No. No it wasn't. The Heartbleed exploit was a classic buffer overread bug that would have been prevented by any language with bounds checking.
[Any language with bounds-checking protection] that would likely have been bypassed by the dev-team due to performance reasons. Seriously, for performance reasons this dev-team bypassed malloc of all things; do you really want to assert that they wouldn't have bypassed a bounds-checker?
In my previous post I thought I made this bit clear; it was not that there was protection on some platforms, it was that they bypassed all platform allocators in favour of their own. That's the bug right there. Everything else, like overruns, overreading, etc., is a result of that decision. I cannot believe that, with a different language, they would have made a different decision.