format-security warns of usage such as printf(x), which is usually a
security hole.
int-conversion is very useful to find cases such as
error: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Werror=int-conversion]
msg = strerror_r(errnum, buf, buflen);where the usage of things like the wrong strerror_r are legitimate errors in the application that cause it to crash. it makes more sense for the compiler to reject it instead, and this does that.