Do the security flaws still affect the current client?
I believe he is talking about this issue:
https://vxlabs.com/2017/06/10/extracting-the-jaxx-12-word-wallet-backup-phrase/

I can't say if it was fixed, but that's only a major problem if someone gets access to your physical device. So, if you know how to avoid malware and secure your device, it's *IMO* not a big deal.
Also, is there a way to prevent Jaxx from creating new keys until I back up my passphrase again?
You only have to back up your seed once. It doesn't matter if Jaxx created tons of new addresses afterwards.