Cryptographic software is possible in any programming language. It's not that something is or isn't secure - it all depends on how the developers use a given technology.
A significant advantage of open-source frameworks is the strength of the community, which often reports potential security issues on its own. Because many people take care of the tech's impermeability, the detection rate is high, as is the update frequency.
Let's take a closer look at some popular mobile tech stacks.
It is a web framework for Python lovers. With SQL queries abstracted away from developers and parametrized due to Queryset API, robust user authentication and authorization, password hashing, and XSS-proof templates, Django is a powerful choice in terms of security. On the other hand, all web frameworks introduce a new way to penetrate the existing app - through the developer's computer.
Spring
Spring is a Java framework for authentication and authorization, serving as a security backbone. The other one, Spring Vault, enables secure data storage and management, while Spring's native HtmlUtils.HTML escape method can prevent XSS attacks. The main disadvantage of Spring is a complicated SQL injection prevention - primarily due to the high maturity of this framework.
Nginx/Gunicorn
Gunicorn is an application server for Python-based programs, while Nginx is a front-facing web server, a reverse proxy. Gunicorn serves the Flask app, and Nginx sits in front of it and decides where a specific request should be directed. So if the incoming request is an HTTP request, Nginx redirects it to Gunicorn, and if it is for a static file, it serves itself. Nginx/Gunicorn is renowned for its high security. Remember that the security updates are released really often - make sure you follow.