[TuxSH]

Not quite the best example, since Git usually has unrestricted file access and network access through HTTP/SSH, any kind of RCE would be disastrous if used for data exfiltration, for instance.

If you want a better example, take distributed database software: behind DMZ, and the interesting code paths require auth.

[1718627440]

Git already runs "foreign" code e.g. in filters. The ability to write code that reacts unexpectedly on crafted user input isn't restricted to languages providing unchecked array/pointer access.

[nicoburns]

Unintentional bugs that caused data destruction would also be disastrous for a tool like git

[johnisgood]

Which are more likely to be introduced by a full rewrite.