I'm kind of curious what Alex meant by this, as the security problems relating to io_uring are, to my knowledge, unrelated to the user-space program. It makes sense if you want to disable the feature in your own kernel or remove potential sandbox escape attack surface, but it's like saying "You might want to avoid win32k if you want to use features with a good security track record" (and I know this is kind of apples to oranges but you get the point).
IIUC io_uring surfaced a bunch of pre-existing-but-rarely-hit code paths that had issues, which was widely taken to mean “io_uring has issues”. Google also disabled it on all machines in GCP, not clear if Google disabled it because of the same issues, or some other thing. The aforementioned issues have been fixed.