C is only easy to learn if by "learn" you mean "getting something to compile". Learning it enough to write programs without malloc vulnerabilities is basically impossible.
True, yet Frama-C and MISRA-C do exist, and certified compilers, which Rust is yet to have.
To prove how hard it is to replace C, even Microsoft with its security speech and "we don't need C on Windows" has given in to market pressure.
The Azure Sphere device, whose marketing message is all about secure IoT, uses C as its only language, despite endless requests for C++, Rust, C# support.
The new MSVC version will support C11 and C17, minus the C99 features that became optional in C11.
Language evangelism without market understanding doesn't go far.
The C-based programs I use most are probably various databases (MySQL, Postgres, Redis, SQLite, etc.) and the Linux kernel. Certainly for the databases they have been rock solid. It's possible to crash them by running the server out of resources of course, but I have never had them outright crash with a malloc problem. The kernel has more bugs perhaps, but that too has been rather stable for me.
C might not be perfect but it's clearly perfectly possible to write stable and secure programs in it.
1. Not all software is exposed to the internet, or requires many 9s in reliability like avionics. A videogame that crashes its hardware-virtualized compartment on 1 out of 100k consoles is not OK, but might be good enough in practice if the unlucky users are refunded.
2. We have higher-level languages which solve these vulnerabilities for an acceptable performance cost, and are even easier to learn than C.