No. Go is worse simply due to lack of established design patterns. Spring (just like Angular) forces to build things in a certain way and has a lot of reasonable defaults. E.g. CSRF protection is enabled by default in Spring Security. CORS configuration is trivial. Magic? Yes. In Go juniors won’t even think it is necessary and may not figure out that they need a 3rd party library for that (or build it correctly).