Are you sure the package was physically routed through Toronto and it’s not just customs documents etc filed by the corporate office?

A huge percentage of the security vulnerabilities in C and C++ programs are due to memory bugs etc that comes from rushed or careless programming. Why not write in memory-safe systems languages like Rust that can completely avoid these entire classes of bugs?