
> backwards-compatible and safer

Pick one.

The safety is achieved by eliminating constructs which cannot be proven to be safe. Additionally, Rust-style safety involves adding more information explicitly to the source which otherwise has to be kept in the programmer's head (or externally like sel4): object lifetimes, lock rules (see original article), etc.

At best you end up with "first wrap all your original code in 'unsafe' and then gradually move the safety boundary", but even that is very difficult.




Not advocating for this, but you could also imagine a C superset where all of the new features only apply in 'safe' blocks, which would be backwards-compatible, and likely safer-in-practice.


A C variant that e.g. defined OOB access to segfault (or panic in this case) would be strictly safer while being fully compatible with all valid C code. Not that I'm advocating for such a C variant, but your snide retort is simply wrong: there is plenty of room for making C safer without reinventing the wheel.
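The two ideas above, wrapping legacy code in `unsafe` and then moving the safety boundary outward, and a variant where an out-of-bounds access panics instead of silently reading memory, can be shown in one small Rust program. This is an added example, not code from any commenter: `legacy_read` stands in for an unchecked C-style routine (a constructed stand-in, not a real library function), and `checked_read` / `read_or_panic` are the hypothetical safe boundary placed around it.

```rust
// Added example: a C-style unchecked read confined behind a bounds-checked
// safe API. The single `unsafe` block in `checked_read` is the "safety
// boundary": no safe caller can reach the unchecked pointer arithmetic.

use std::ptr;

/// Stand-in for a legacy C function: reads `buf[idx]` with no bounds check.
/// Calling it with `idx` past the buffer is undefined behaviour, as in C.
unsafe fn legacy_read(buf: *const u8, idx: usize) -> u8 {
    // SAFETY: the caller must guarantee idx < length of the allocation
    unsafe { ptr::read(buf.add(idx)) }
}

/// Safe wrapper: the only call site of `legacy_read`. The bounds check turns
/// a silent out-of-bounds read into a `None` the caller has to handle.
pub fn checked_read(buf: &[u8], idx: usize) -> Option<u8> {
    if idx < buf.len() {
        // SAFETY: idx < buf.len() was just checked and `buf` is a live slice,
        // so the pointer offset stays inside the allocation.
        Some(unsafe { legacy_read(buf.as_ptr(), idx) })
    } else {
        None
    }
}

/// The "OOB panics" flavour from the comment: same check, but an invalid
/// index aborts with a diagnostic instead of returning `None`.
pub fn read_or_panic(buf: &[u8], idx: usize) -> u8 {
    checked_read(buf, idx).unwrap_or_else(|| {
        panic!("out-of-bounds read: index {} >= len {}", idx, buf.len())
    })
}

fn main() {
    // Constructed sample input.
    let data = [10u8, 20, 30];
    println!("{:?}", checked_read(&data, 1)); // Some(20)
    println!("{:?}", checked_read(&data, 7)); // None
    println!("{}", read_or_panic(&data, 2)); // 30
}
```

The point of the shape is that `cargo build` will reject any new code that tries to call `legacy_read` outside an `unsafe` block, so the audit surface stays at one function while the rest of the program is ordinary safe Rust; widening the wrapper to cover more of the legacy API is what "gradually moving the safety boundary" means in practice.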



