I wanted to use std.array.insertInPlace in a @safe module. It's not 
marked @safe or @trusted. The string implementation uses pointer 
arithmetic, and the non-string implementation uses memmove.

Should things like this be marked @trusted in general?

Presumably if a function isn't memory-safe, it doesn't just cause memory 
errors arbitrarily; there's likely something the caller has to do to 
ensure the function doesn't crash or cause memory corruption. It seems 
like that should be documented. When it's not documented, I start feeling 
a bit paranoid.

Should it be a bug if a non-@safe, non-@trusted function doesn't document 
what you need to do to call it safely?
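
The pattern the question points at, as an added example that is not part of the original post and is not Phobos code: a `@system` routine that uses `memmove` and documents what the caller must guarantee, plus a `@trusted` wrapper that enforces those conditions so `@safe` code can call it. The names `shiftRight` and `insertChecked` are hypothetical.

```d
import core.stdc.string : memmove;

/// Hypothetical @system helper: opens a gap of `count` elements at `pos`.
/// Caller must guarantee:
///   pos <= used, used <= buf.length, count <= buf.length - used.
/// Violating any of these makes memmove read or write outside `buf`.
@system void shiftRight(int[] buf, size_t used, size_t pos, size_t count)
{
    memmove(buf.ptr + pos + count, buf.ptr + pos, (used - pos) * int.sizeof);
}

/// Hypothetical @trusted wrapper: checks every documented precondition
/// before the unchecked call, so no argument from @safe code can corrupt memory.
@trusted bool insertChecked(int[] buf, ref size_t used, size_t pos,
                            const(int)[] items)
{
    if (used > buf.length || pos > used || items.length > buf.length - used)
        return false;                      // refuse instead of corrupting

    shiftRight(buf, used, pos, items.length);

    // Element-wise copy stays in bounds even if `items` aliases `buf`.
    foreach (i, v; items)
        buf[pos + i] = v;

    used += items.length;
    return true;
}

@safe void main()
{
    // Constructed sample data: 8-slot buffer with 3 slots in use.
    auto buf = new int[](8);
    buf[0 .. 3] = [1, 2, 5];
    size_t used = 3;

    assert(insertChecked(buf, used, 2, [3, 4]));
    assert(buf[0 .. used] == [1, 2, 3, 4, 5]);

    assert(!insertChecked(buf, used, 9, [0]));          // pos past the data
    assert(!insertChecked(buf, used, 0, [0, 0, 0, 0])); // would overflow buf
    assert(used == 5);                                  // rejected calls change nothing
}
```

The doc comment on `shiftRight` is the caller contract the post asks for; `@trusted` is only justified on `insertChecked` because it verifies that contract for every possible input.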
