I don't see how those two things coincide at all. Further, your second statement is a strawman - for a project and community that touts being a serious replacement for C, there are indeed expectations about the security mindset of the individual providing the code. When the project has 7k+ stars on Github, clearly people are looking at it and using it. If the maintainer is being unsafe, it's ridiculous to imply nobody is allowed to be critical of that.