I find it funny that they consider static linking as specifically a more secure choice. Dynamic linking had its vulnerabilities, but if 'had vulnerabilities' meant 'will always be insecure' they wouldn't use a fucking Linux kernel, which had plenty of vulns.
Dynamic linking allows ASLR, which makes exploit development harder (you need to find - sometimes multiple - infoleaks and make your exploit recalculate addresses based on that). The article about limitations of ASLR they're linking to is completely irrelevant here, as it discusses the inherent limitations of this technique on 32-bit machines, while one of the goals of stali is to target x86_64. Guessing a 32-bit number is inherently simpler than guessing a 64-bit one; it's simple mathematics.