There’s actually not much of a security difference between the two these days, both protocols have gone thru improvements, both use AES-128 encryption, both use frame protection etc.
That pairing issue of ZigBee was addressed with v3.0, which uses random install codes for each device.