I wouldn't really let Rails slide here or call them an exemplar in the subject at hand. They were lazy and paid dearly for it.
A better example would be Django, most server-side Java frameworks, Ruby frameworks like Sinatra and Padrino, most Erlang code I've seen is solid, Haskell users generally know better, etc.
You mean neither of those ever had or will have security issues, because only stupid incompetent developers ever have those? That was pretty much the point of the parent comment.
Meanwhile on planet Earth every popular software package has had some issues. That's natural, security is hard and requires constant vigilance, and people are bound to err or oversee something from time to time.
A better example would be Django, most server-side Java frameworks, Ruby frameworks like Sinatra and Padrino, most Erlang code I've seen is solid, Haskell users generally know better, etc.