Safety features for open source projects is an interesting one, and I wish I had a better answer.
Do the lead developers of a project have an obligation - legal? ethical? moral? - to build safety features into their codebase. To bake in "safety by design"?
Even if they don't think that they, personally, need those features - which may be privilege talking, or it may be that their specific use case doesn't demand it, but others use the software differently.