> It was certainly promoted on the project web site as a capable and portable toolkit for the purpose of parsing XML.

This is a garbage criticism. It’s perfectly adequate for that for almost everyone. If you are shipping it in a browser to billions of people, that’s a very unique situation, and any security issues are a you problem.
Not sure if this is intended to be a “show both sides” journalism thing but it’s a totally asshole throwaway comment.