Can you name a practical language in which it's not possible, by default, to perform an unsafe operation with untrusted user input?
I can easily use Haskell's type system to disallow the use of UnsafeUserInput in my database abstraction layer, but that requires me to use my types pervasively and correctly.
We're not discussing who's to blame, we're discussing whether there's anything to assign blame for.