
Memory safety is a defense against certain classes of vulnerabilities, no more and no less than that. I've always been careful never to claim that memory safety eliminates all security vulnerabilities, or that people won't find game-over attacks against apps written in Rust. Still, I don't agree with the characterization of memory safety as a "weak" defense—it's a defense against what are far and away the most common classes of critical vulnerabilities that we see in C and C++ programs.

I agree with you that there's nothing special from a security point of view about Rust if you're, say, a Python or Java programmer (though the non-security-related safety features—for instance, data race freedom—may be interesting). Whether Rust is a security advance for you really depends on your starting point and what you consider to be non-negotiable. If you're a Java programmer for whom memory safety is non-negotiable, Rust isn't a security advance, but could be a performance improvement. If you're a C++ programmer (like us in the browser space) for whom C++-level performance is non-negotiable, then Rust isn't going to be much of a performance improvement, but it is a security advance relative to what we had to work with before. Basically it's about eliminating the tradeoff between performance and a class of security problems—whether that's a security advance will depend on where you started from.



