>How many people do you think got fired for the Log4J RCE for using the library.

The counter to that claim is that there are certainly a lot more insecure logging implementations in use that never get (widely) exploited mainly because of obscurity (i.e. closed-source).