I'm a full-time Rails developer and member of the "Ruby community" and have nothing against Rails. I am also strongly inclined to take tptacek at his word when he speaks on issues of security, even if he's light on the details. It's quite literally free consulting.
EDIT in response to upstream edit: He did imply that you should wait for the upcoming Rails advisory, so you'll get your proof then.