Your are correct, yet general statements. The situation in the Zig ecosystem right now is not one based on "retrofitting" security into the language, but, if today we don't have a function that sanitizes utf8 in the standard library, that doesn't mean that the language is going to become a swiss cheese in terms of security.
Please read Andrew's answer and check the linked project management dashboard on GH.
Please read Andrew's answer and check the linked project management dashboard on GH.