curl isn't more prone to security issues, it's just being talked about more. Daniel has an active blog, is active on social media, and interacts with the community. I don't think the nginx team has that presence, hence if they take a vacation or run mythos on their codebase or have an opinion about AI nobody really knows.