"Type abstraction is often the root cause of security bugs. For example, you could treat a password as a sub-type of string. But strings as commonly understood almost universally support the concept of truncation. But if you truncate a password [...]"
I think you wanted to say LACK of abstraction.
If password is not exactly a string, you should have created a "password" type with proper operations and associated semantics.
Do not ever consider "C" as an example of "complete type system", unless you also consider a Ford T an modern vehicle.