Nah, you could still e.g. use a use after free to smash the return address or a vtable on a Harvard machine and execute a ROP chain. If it did speculative execution too it would probably be vulnerable to spectre. There's nothing special about Harvard machines when it comes to security.