> it seems to be the case that the majority of libraries are unsafe by default (especially the dynamic languages), so de-facto it is a problem with YAML.

It may seem that way, but it's not. Re: cryptographic functions