I would claim that using Scala (and presumably Haskell) gives you the tools to make it impossible to leak secrets, if you want to. You could use a path-dependent container type to ensure that content was associated with a particular connection and never passed off to a different connection; if you tried to do something like reusing a buffer, it would be a compile failure.
There would be costs to this - both in runtime performance (presumably you wanted to reuse buffers for a reason) and in program complexity. And of course it's possible to make an error in your type definitions (though you have to make two errors to be exploitable - one in the types and one in the values - and the types are shorter and much easier to audit than the full program code). But it absolutely is possible, and I think that pretty soon we'll reach the point where it becomes worthwhile for security-critical code.
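The path-dependent container idea from the comment above, as an added example that is not part of the original post or any project's code. The names `Connection`, `Payload`, `receive` and `send` are hypothetical, and the sample bytes are constructed.

```scala
// Added illustration: Connection, Payload, receive and send are hypothetical names.
final class Connection(val peer: String) {
  // Inner class, so its type is path-dependent: for two Connection values
  // c1 and c2, c1.Payload and c2.Payload are different types.
  // The constructor and the raw bytes are only reachable from Connection code.
  final class Payload private[Connection] (private[Connection] val bytes: Array[Byte])

  // Data read on this connection is copied (no shared buffer) and wrapped
  // in this connection's own Payload type.
  def receive(raw: Array[Byte]): Payload = new Payload(raw.clone())

  // The parameter type is this.Payload, so only data that originated on
  // this same connection type-checks here.
  def send(p: Payload): Int = p.bytes.length // stand-in for a socket write
}

object Demo {
  def main(args: Array[String]): Unit = {
    // Stable identifiers (vals) are what give each Payload type its path.
    val alice = new Connection("alice")
    val bob   = new Connection("bob")

    // Constructed sample secret, for illustration only.
    val secret: alice.Payload = alice.receive("alice-session-key".getBytes("UTF-8"))

    // Same connection: compiles and runs.
    println(s"sent ${alice.send(secret)} bytes back to ${alice.peer}")

    // Different connection: rejected at compile time with a type mismatch
    // (found alice.Payload, required bob.Payload).
    // bob.send(secret)
  }
}
```

The guarantee holds only while code keeps the path: widening to the type projection `Connection#Payload` or casting with `asInstanceOf` discards it, so those are the places to look for when auditing the types.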
Up to a point. Fork+exec is a very blunt instrument; sshd can piggyback on the Unix security model because every ssh connection belongs to a user with a local user account and (usually) has the authority to do everything that that local user account may do. That wouldn't be true for a webserver.
Of course ultimately you can Greenspun any language to do what any other language can. But in practice a language where the vocabulary already exists - where you have higher-kinded types and existing generic libraries for handling when a value has a particular "context" - makes it much more practical.
As far as I understand, unsafePerformIO is not unsafe in relation to memory safety issues. It is just unsafe in that it circumvents the IO monad, which means order of execution is not guaranteed.