Excuse my ignorance, but what about a dynamically-typed language makes an application inherently less secure?

Assuming your design is correct and secure - and that is already really hard to do - you still have to ensure that you implementation matches your design, i.e. contains no defects, and this is harder in a dynamically typed language, because there are classes of defects that the compiler of a statically typed language will catch while they go unnoticed using a dynamically typed language. So dynamically typed languages are not less correct or secure on their own, they just do not prevent you from writing incorrect or insecure code in the same way statically typed languages do.

One example I once read about are control systems for rockets and missiles - they use different data types for x, y and z coordinates. They are all just numbers but you really want to make sure that you do not accidentally swap two variables and the missile turns left while it should ascend. And you just can not enforce such constraints in dynamically typed languages.

It's harder to reason about the behavior of a program running in an environment that allows monkey patching and eval().

You can just have a style guide that disallows those constructs.

Which unlike a compiler has a higher chance of being improperly applied or ignored.

Hi danbruc, yes, that's correct, we've rebuilt the engine using Scala.

The claim about banking best practices is an obvious lie on its face.

Have they been audited?