The difference is that Rust is safe by default. The `unsafe` keyword serves as documentation that the code it applies to should be reviewed extra carefully for soundness. C++ on the other hand is unsafe by default, and all code must be reviewed extra carefully to verify soundness. Unless of course you wrote linters to prevent anyone from using constructs that can possibly be used unsafely without a manual “I know what I’m doing” override, but I think despite all the recent progress in static analysis this still isn’t possible