Do you have g++ installed on your production servers? I sure don't.
> Also, eval is much less of a problem than memory-safety,
> as you can simply avoid using it. You can't avoid using memory.
I'm not trying to argue which is the bigger problem. I'm just responding to the bogus "no additional vulnerabilities" claim.
Here's another piece of advice: "simply avoid writing buffer overflow exploits." Hmm. Perhaps you can't "simply avoid" a fundamental feature of the language just by pretending it doesn't exist.