Many hosts use to disable cURL due to "some" security reasons.

I am searching for these reasons. A fast google research did not produce an in-depth information.

Many infections (especially botnet types plus some admin-spend types) that abuse arbitrary code execution weaknesses will inject a little payload script that then uses cURL or wget to download further instructions and configuration. It might be for blocked in make an effort to limit the impact of those robot attacks.

I recall there have been some bugs in cURL with PHP version however it was very long time ago and all sorts of used PHP versions are in possession of no cURL exploits

I suppose, real reason isn't security, but instead financial ) When you outlay cash - there's not a problem with cURL any longer.