Servo relies on firefox's JS runtime spidermonkey, written in C++.

Moreover, a significant fraction of JS vulnerabilities are logic errors in the JIT, so even if the JIT itself is memory safe, that doesn't make the resulting code free of vulnerabilities.