Seems a lot of people on the forum know very little about *modern* C++.
I have not had a buffer overflow (or even a memory leak) in my code for years.
Right now there's a critical vulnerability in the Bitcoin client, which just goes to show how easy it is to make an exploitable mistake in C++.
Also, from a philosophical stance, if you knew your code had a buffer overflow then you would have fixed it. Malicious developers aside, security vulnerabilities are always unknowns. All code has bugs and some bugs are critical. You can only reduce your areas of risk, and in a language like C++ every pointer is a potential risk.