No, I don't think many application security people would agree with you that Rails is more secure out of the box or in common configurations than Django. I don't think it matters much; the differences are probably marginal.
(I've shipped Rails applications and would probably not myself ever pick Django for a new project. Obviously, I do more security work than application development work).
(I've shipped Rails applications and would probably not myself ever pick Django for a new project. Obviously, I do more security work than application development work).