Web application frameworks are made to help developers building web applications.
Some of them also help you secure the web application. In fact, one framework is not more secure than another: If you use it correctly, you will be able to build secure apps with many frameworks. But Ruby on Rails has some clever helper methods. For example against SQL injection, so that this is hardly a problem. It‘s nice to see all Rails applications I audited, had a good level of security.
In general there is no such thing as plug-n-play security. It depends on the people using it, and sometimes on the development method. And it depends on all layers of a web application environment: The back-end storage, the web server and the web application itself (and possibly other layers or applications).