This reddit discussion is picking up steam. I’m sure there are folks here that read the Rust subreddit but don’t participate in discussions there, like myself (I don’t like the UX of it, personally). So, I figured having a (parallel but separate) discussion here can’t hurt.
So, it’s a bit unfortunate that the crate in question is actix-web, but this can happen (perhaps all too easily, depending on one’s background) in any crate. It is fortunate in that a web framework facing the open internet cannot cut corners when it comes to safety, and so better to discuss (and hopefully fix) these issues now rather than when a publicized exploit occurs.
I’m speculating, but I think a lot of this has to do with designing code with the borrow checker in mind, which takes quite a bit of getting used to (and is still occasionally hard/unnatural/unergonomic once layers of abstraction pile up and design “mistakes” become more apparent). It’s easy to just punt to unsafe and hope things line up properly, but that’s a shortcut that will very likely come back to bite - hard - once even more code is layered on and the safety invariants get lost in the maze of code.
The upside is that this topic will now get (more) attention because a popular crate, well received by the community, is fielding criticism.
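As an added illustration of the “punt to unsafe” shortcut described above (example code written for this thread, not actix-web’s or any other crate’s own code): a `&self` method that hands back `&mut T` through a raw-pointer cast compiles fine, but the single-writer invariant now lives only in the caller’s head. The `Checked` type beside it keeps the same ergonomics while `RefCell` enforces that invariant at runtime, so overlapping access becomes a returned error instead of two aliasing `&mut` references. Type names (`Punt`, `Checked`) and the sample `Vec` contents are my own choices.

```rust
use std::cell::{BorrowMutError, RefCell, UnsafeCell};

/// The shortcut: mutate through `&self` by bypassing the borrow checker.
/// The safety invariant ("only one live `&mut` at a time") is no longer
/// encoded in the type system; every caller has to remember it.
pub struct Punt<T> {
    inner: UnsafeCell<T>,
}

impl<T> Punt<T> {
    pub fn new(v: T) -> Self {
        Punt { inner: UnsafeCell::new(v) }
    }

    /// Unsound as a public API: nothing stops two overlapping calls.
    pub fn get_mut(&self) -> &mut T {
        // SAFETY (claimed, not enforced): "callers never overlap". Nothing checks it.
        unsafe { &mut *self.inner.get() }
    }
}

/// This compiles cleanly; executing it is undefined behaviour (two aliasing
/// `&mut`). It is deliberately never called.
#[allow(dead_code)]
fn aliasing_compiles() {
    let p = Punt::new(vec![1, 2, 3]);
    let a = p.get_mut();
    let b = p.get_mut(); // second `&mut` to the same Vec while `a` is live
    b.push(4);           // may reallocate; `a` now points at freed memory
    let _ = a.len();     // UB: use of `a` after the aliasing write
}

/// The checked alternative: same "mutate through `&self`" shape, but the
/// single-writer invariant is enforced by `RefCell` at runtime.
pub struct Checked<T> {
    inner: RefCell<T>,
}

impl<T> Checked<T> {
    pub fn new(v: T) -> Self {
        Checked { inner: RefCell::new(v) }
    }

    /// Overlapping mutable access is reported as `Err` instead of silently
    /// producing aliased references.
    pub fn try_with_mut<R>(&self, f: impl FnOnce(&mut T) -> R) -> Result<R, BorrowMutError> {
        let mut guard = self.inner.try_borrow_mut()?;
        Ok(f(&mut *guard))
    }
}

/// Sequential use works exactly as with the unsafe version.
pub fn sequential_ok() -> Result<usize, BorrowMutError> {
    let c = Checked::new(vec![1, 2, 3]);
    c.try_with_mut(|v| v.push(4))?;
    c.try_with_mut(|v| v.len())
}

/// The overlapping pattern from `aliasing_compiles` is now detected.
pub fn overlap_is_detected() -> bool {
    let c = Checked::new(vec![1, 2, 3]);
    let nested = c.try_with_mut(|_outer| {
        // Re-entering while the outer borrow is live: RefCell refuses.
        c.try_with_mut(|inner| inner.push(4)).is_err()
    });
    matches!(nested, Ok(true))
}

fn main() {
    println!("sequential: {:?}", sequential_ok());
    println!("overlap detected: {}", overlap_is_detected());
}
```

The point is not that `RefCell` is always the right tool (it has a cost and panics or errors at runtime), but that the invariant the `unsafe` block silently assumes becomes something the code actually checks, which is what gets lost once more layers are stacked on top of a `get_mut(&self) -> &mut T`.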