I believe your comment under appreciated the utility of having all unsafe functionality clearly marked as such, with the additional scrutiny that such a label would bring. Instead of having to look through the entire codebase for memory issues, only small set of areas would need to be validated.