Side note: DISABLE_VULNERABILITIES=yes seems like a strange way to spell “enable vulnerabilities.”
You are right, it seems :)
Here is its description from the FreeBSD’s ports(7) man page.
If defined, disable check for security vulnerabilities
using pkg-audit(8) when installing new ports.
So in short it means disable check for security vulnerabilities with DISABLE_VULNERABILITIES=yes variable.
They could use DISABLE_VULNS_CHECK which could be more ‘describing’ but they did not :)