It is not more unsafe than fixed-sized arrays on the stack and stack clash protection (which you need anyway) protects against this. Also if you compare with C++ and use std::vector, surprise, a CVE about to happen: https://godbolt.org/z/cTG71aTsf
(yes, one can activate library assertions, but still - by default - unsafe)
(yes, one can activate library assertions, but still - by default - unsafe)