The large majority of users cannot make well informed security risk decisions like this. Engineers should do the right thing and help these users. In the same way, I can't make some meaningful risk assessment for using a bridge or riding an elevator. Civil Engineers don't just get to say "well, if users are concerned about the safety of my bridge then they can make a different choice so I'm going with the stuff I personally like working with." Why do Software Engineers get away with this?

Outside of small hobbyist projects, the industry has an obligation to provide users with safe software.

Right. So in your opinion, is it irresponsible to write a project intended for production in C or C++?

I believe that it is irresponsible to

1. Start new projects intended for production that have nontrivial security threats in C or C++

2. Not have a plan to categorically prevent memory safety errors in legacy codebases over the next decade or so, whether that be by transitioning to new languages or by applying rigorous hardware-level memory tracking

I bet if liability was a common thing in software delivery, those languages wouldn't be the first option after a couple of lawsuits.

Yeah can you imagine if it actually mattered if companies made choices that they knew were inevitably going to lead to zero-click exploits on internet-enabled devices? Somebody sitting down to write a media decoder in C today knows that this means a steady stream of exploits harming their customers.