There's only one problem with Ethereum - it makes no sense to put the computational logic on-chain. It is also wasteful to force every full node to run the logic, while it doesn't add security. The DAO contract had a bug; the "attacker" issued a transaction with a script that was executed by all present full nodes, yet it didn't prevent the exploit from happening, because the nodes blindly trust the Ethereum Virtual Machine devs, the dApp devs and the auditors that reviewed the dApp code. So, if all three would just validate the transaction and sign it - similar to a multi-sig contract - we would have the same result, with a similar level of trust, while wasting a lot fewer resources.
Want to trust even less - no problem - make a 10-of-10 multi-sig contract.
What we need to make smart contracts happen is a trusted blockchain to record the state of reality. We already have such a blockchain - this is Bitcoin. In some cases - where we want the output of the program to be censorship resistant - we might also need decentralized storage - like Filecoin, StorJ, Sia, MaidSafe, etc.
Ethereum never made any sense and the core devs explained this to Vitalik a long time ago. He did it anyway. A few years later there are still no real dApps that are profitable or make sense.
You are right about Ethereum being vulnerable but you don't understand Tauchain.