As for the last point, anyone can clearly see that Daniel is refuting the fact that jemalloc is insecure. There is no discussion of using hardened malloc at all. Nobody is being attacked for using hardened malloc. Only some misinformation has been corrected as others have pointed out
Please read the contents of that link and you'll arrive at the same conclusion
Copperhead is just selling a reskinned version of the open source project. They are also not secure as you can see from their website. There is no android 11 release and it's at least 3 months behind in security patches. That is not secure. If you check grapheneos it is using the most recent security patch and android version available
Grapheneos has been around far longer than the commercial project. The commercial project was set up to fund the open source project however James Donaldson, the current copperhead CEO has a criminal background and tried to turn it into something completely different