The security page is out of date. It links to a dead google group and does not link to this page itself, the IRC, nor the GitHub under the security tag.
This outdated security page presents NixOS as insecure at first glance, making it less defensible industrially, regardless of the quality of the NixOS security community. Recommendation is to update the two sentences on the page to accurately reflect the current state of NixOS security.
tl;dr A dead google group is not a good look. Linking here and to the GitHub from the security page will better reflect the quality of NixOS security.