Are you saying there can’t be security vulnerabilities in Neovim? [rhetorical question]

As I understand it, the vulnerability is that viewing untrusted elisp code may lead to arbitrary code execution. Personally, I don’t remember a case where I would view elisp code without the intent of running it.