Considering the steady stream of CVE's against Vim's C code, security is the last reason to choose Vim. I've often wondered why there were so many Vim CVE's, and meanwhile never really any Emacs CVE's. My thinking has been that it's because so much of Emacs is implemented in Elisp, a memory-safe language, and much more of Vim is implemented in C.

So now there is an Emacs CVE, and it's a big one. But if you're going to jump ship for something more secure, it would be woefully misguided to go for Vim.

Any editor that goes for expressive power and flexibility is going to have security issues sooner or later. If you want safe, you'll need to cut features, pick something simple.