I agree that specific product configurations shouldn't be in there, but should be in the IT security course, but there's a lot more to secure coding than the ways the language itself can have vulnerabilities. There is also secure design, which needs to be taught somewhere. Not just memory safety, but that you need to encrypt some data, hash other data, and be certain about the security of wherever you've stored it. They need to know how an attacker works so they can add the basic security precautions to their code. They need to know about information leakage so they can prevent having that vulnerability. Many of these things aren't about the tools they're using, but how they write their code.
I was taught all this stuff. Some of it was in security courses which were not mandatory, but at least some of it was included by professors who wanted to do this well. Still, those designing courses would do well to ensure it is there.