The focus on security in Fedora might have been true some years ago, but recently it is moving to ignore security more and more. E.g. it is more often recommended to install unsigned Fedora Rawhide packages on productive systems or to use separate repositories with unsigned packages. Also with preupgrade an update method that does not verify the updated packages is promoted. And critical security updates are published with a big delay.
Now with banning security tools, the Fedora security lab does not sound that interesting anymore. If you read the feature list of sqlninja and know penetration testing, you will notice that they are the typical steps that are performed in a penetration test.