In which an unpaid open-source maintainer gets help from companies using the software to attack a particularly complex and ugly bug: blog.hartwork.org/posts/expat-…

Good on Sebastian and on the companies that stepped up!

Also, recursion is often bad.

#oss
in reply to Tim Bray

"attackers can force the stack to overflow into the heap"

No, this does not sound like a "recursion is often bad" issue. When the language is so unsafe that writing recursive calls can open up for attacks, then I think it is time to dump the language rather than forcing developers to traverse graphs without recursion.

Avoiding regular iteration loops makes software more maintainable and less error prone, and therefore safer. Use a language that can do this risk free instead of discouraging it...

in reply to Lett Osprey

@lettosprey can we qualify this a bit more?

Unbounded recursion that causes attacker-controlled stack usage is bad. It can be easy or really friggin' hard to mitigate. You need to maintain a depth counter in your state somehow, and even then, it's hard to pick a limit when you don't know how much stack is consumed per level.

Not all languages have tail recursion. Not all cases where you'd want to use recursion actually admit tail recursion.

(Rust would have the same issue here.)
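
The depth counter described in the last reply, as an added example that is not part of the thread or of Expat's code: a recursive parser for parenthesised groups keeps the counter in its state and refuses input before recursing past a limit. The grammar, the names and the limit value are assumptions made for illustration.

```c
enum { NEST_OK = 0, NEST_SYNTAX = -1, NEST_TOO_DEEP = -2 };

/* Parser state carries the depth counter, so every recursive call sees it. */
struct parser {
    const char *pos;   /* next unread input byte */
    int depth;         /* current nesting level */
    int max_depth;     /* assumed limit; must be sized to the real per-frame stack cost */
};

/* Parses a sequence of items: plain bytes or parenthesised groups. */
static int parse_items(struct parser *ps)
{
    while (*ps->pos != '\0' && *ps->pos != ')') {
        if (*ps->pos == '(') {
            if (ps->depth >= ps->max_depth)
                return NEST_TOO_DEEP;      /* refuse before recursing */
            ps->pos++;
            ps->depth++;
            int rc = parse_items(ps);      /* stack use is now bounded by max_depth */
            ps->depth--;
            if (rc != NEST_OK)
                return rc;
            if (*ps->pos != ')')
                return NEST_SYNTAX;        /* group never closed */
        }
        ps->pos++;                         /* consume ')' or a plain byte */
    }
    return NEST_OK;
}

/* Returns NEST_OK, NEST_SYNTAX or NEST_TOO_DEEP for a NUL-terminated input. */
int check_nesting(const char *input, int max_depth)
{
    struct parser ps = { input, 0, max_depth };
    int rc = parse_items(&ps);
    if (rc == NEST_OK && *ps.pos == ')')
        return NEST_SYNTAX;                /* stray closing parenthesis */
    return rc;
}
```

The check runs before the recursive call, so hostile input costs at most `max_depth` frames regardless of its length; choosing that number still requires knowing the frame size on the target build, which is the difficulty the reply points out.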