I feel that Rust increases security by avoiding a whole class of bugs (thanks to memory safety), but decreases security by making supply chain attacks easier (due to the large number of transitive dependencies required even for simple projects).

Who is requiring you to use large numbers of transitive dependencies? You can always write all the code yourself instead.