posix_spawn is fine for that point in particular: it's encouraging the use of exec to regenerate state in servers that fork child processes as workers, so that accidentally leaking information from the child doesn't also leak it for the original parent process as well.
posix_spawn-style interfaces aren't particularly friendly to spawning processes with reduced privileges though, because you don't want to drop privileges in the parent.
Why not posix_spawn?
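The reduced-privilege case raised above, as an added example that is not part of the original thread: with fork/exec the credential change happens only in the child, between `fork()` and `exec`, so the parent never gives up its own privileges. The helper name `spawn_dropped` and the exit codes 126/127 are assumptions for illustration; the code targets Linux with glibc.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv[0] as uid/gid and return its exit status,
 * or -1 if fork/wait fails. The parent keeps its credentials throughout.
 * POSIX posix_spawn has no attribute for an arbitrary target uid/gid;
 * POSIX_SPAWN_RESETIDS only resets the effective IDs to the real IDs. */
int spawn_dropped(uid_t uid, gid_t gid, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child only. Order matters: supplementary groups, then gid,
         * then uid, because after setuid() the process may no longer be
         * allowed to change the others. Any failure stops before exec. */
        if (geteuid() == 0 && setgroups(0, NULL) != 0)
            _exit(126);
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(126);
        /* After dropping to a non-root uid, regaining root must fail. */
        if (uid != 0 && setuid(0) == 0)
            _exit(126);
        execvp(argv[0], argv);  /* fresh image: state is regenerated */
        _exit(127);             /* exec itself failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *argv[] = { "id", NULL };
    /* The caller's own identity is used so the demo runs unprivileged;
     * a root daemon would pass its service account's uid/gid instead. */
    return spawn_dropped(getuid(), getgid(), argv) == 0 ? 0 : 1;
}
```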