Note, they talk about retrofitting mitigations into the web browser running javascript, not in general. It's hard to find a reason why software mitigations wouldn't work for a language and a compiler designed from scratch for it.
Mitigating Spectre only makes sense if you’re doing it in a VM (e.g. operating system, web browser, processor), a system that loads and executes untrusted code. Not in a language or a compiler. If your language/compiler doesn’t allow the coder to exploit Spectre, they’ll just use another language/compiler.
The problem is much bigger than that. Today pretty much all mainstream languages rely on untrusted modules ecosystems, untrusted github projects, etc. If we were to create language level boundaries to address those problems, we would need to deal with Spectre as well.
Either way, my point was that it's absolutely possible to fully mitigate Spectre in software. A particular group of people just found it too hard to do for the things they work on. Doesn't mean the same applies to anything else.
