If @safe is just a convention, then I don't see the point of having it at all. If it can't be a guarantee, then it's pretty much another tech buzzword with no teeth.
In order to have @safe be a guarantee of memory-safety, we need to prevent @safe code from calling any @trusted code.
