Re: What's this, a bug caused by a language quirk?
The cause of Heartbleed was a missing length check. It was a trivial error, even if it had non-trivial consequences. Variants of it could have happened even in languages with array boundary checking, for example if the heartbeat code reused sufficiently-large buffers.
Goto-fail wasn't in OpenSSL at all, but in Apple's TLS stack. And it happened because of poor code style and a failure to use an adequate static-code analyzer. (Some C compilers, run with appropriate options, are sufficiently good linters to catch the goto-fail bug, because it leaves dead code; any decent standalone linter or general static-code analyzer should catch it.)
Both are in C, so say nothing about C++.
In any case, there are much more prominent dangers in C, particularly unsafe functions in the standard library (which should be avoided or wrapped in safer abstractions, not used directly in application logic); the use of in-band signaling in strings, stdio formatting, etc; relatively weak typing; and a cumbersome error-handling model.
I agree with your general point - all programming languages have pitfalls, and some are more difficult to use properly than others. But your supporting argument leaves much to be desired.