| C++ is much more safe than C and has numerous safety contracts that are impossible to represent in C. Its always weird when C and C++ are thrown together. Barne has talked about it, but one of the primary reasons he created C++ was to address safety issues in C. And he's talked about this since the early 90s. Like access modifiers and private by default. Something we take for granted now, but something which is impossible in C. Or std::vector. Unlike array in C, it won't blow up if you add too much stuff to it. Again, obvious, but at the time, revolutionary. Or exceptions! We take them for granted to! No more forgetting to check errno! No, if you don't catch an exception your program terminates, so you have to handle errors. Or, the biggest one of all: RAII and ownership. Might sound familiar to rust devs! Point is, C++ is not C. That's why C++ exists. Its not safe, but it's much, much safer. |
The issue Mozilla faced wasn't that it wasn't safer than C. It's that it was not safe enough for their needs. A chainsaw is safer than a saw blade; you still don't want to trim your beard with it.
And the C++ working group, to this day, hasn't even moved one inch to accommodate those needs. As another commenter noted, they added a feature for C++26 that Rust abandoned circa 2019.
They couldn't multithread the components like compositor and renderer as much as they would have liked, even with all the caveats.