A huge percentage of the security vulnerabilities in C and C++ programs are due to memory bugs etc that comes from rushed or careless programming. Why not write in memory-safe systems languages like Rust that can completely avoid these entire classes of bugs?
Are you sure the package was physically routed through Toronto and it’s not just customs documents etc filed by the corporate office?