While I don’t necessarily disagree with this, I think that in this particular case we are just talking about fixing issues identified by an automated tool, which is just a low-hanging fruit — we can have correct code at the price of programmer effort, without considering whether it is relevant or not from a security perspective.
It is always nice to fix bugs before they show up…
In any case, it would be nice to hear from the core devs about whether they would be receptive to small PRs fixing issues identified by this tool or similar ones.