Username or EmailPassword
Well, to be fair, these are all internet facing technologies which have been tasked with running arbitrary untrusted code. Non network facing tools, such as GCC, bison, libtool, etc could also have vulnerabilities (such as stack/heap overflows), but these are far less consequential because these tools aren't automatically run from the internet.
An apples to apples comparison would have web pages serve up C++ code to be compiled with G++ and then executed. In this light the security of JRE, JS, flash all come out far ahead of GCC because it has no defensive mechanisms at all.
I think highly optimized managed languages would do very well in an OS. Even if there are some exploits caused by running untrusted code, it's not like a responsible admin should go around injecting untrusted code into their kernel.
There are other reasons a managed kernel would be nice, I know we've talked about it before.