Around 99% of vulnerability happens in parsing (general speaking, including string handling). If you make decision to take Lua as the format and take Lua parser as parser, done. Almost zero vulnerability.

At least Apple's own engineers will be using Mac for their own work, unlike Microsoft engineers using Dell.

No, they aren't. They officially claimed OpenGL had been replaced by Metal for more than 5 years, and no Metal-enabled app can run on x86/64 macOS.