Memory safety issues show up all the time outside of security exploits. Industry began pursuing memory safety long before anyone cared much about security, simply because of the productivity impact of chasing down memory leaks and use-after-free bugs. So if they've used C++ for years without having to do that, its pretty meaningful. It also matches my experience working on a large C++ application that had ubiquitous use of smart pointers. I wouldn't want to do that again, but RAII takes you a long way.