there are more classes of exploits than simply memory management errors. For instance look at the laundry list of issues surrounding verification of x.509 certificates. Deciding a forged certificate is valid is catastrophic, and invokes no sort of memory related exploit at all.
X.509 certificates don't contain any Turing-complete languages, so the fact that X.509 interpreters have the same class of bugs as font interpreters, that supports my point that Turing-completeness itself is not the problem.
