Ruby does. Normalization of untrusted input isn't taught or discussed enough. Or each platform's regex security.

Honestly, I think all CS/EE programs should require an OWASP course and that coding should require regular continuing education that includes defensive coding practices for correctness, defined behavior, and security.