It's not a big step up when the software was written by a single person who did it to learn rust and doesn't understand the problem domain, over a weekend. Software doesn't need to use unsafe blocks to have dangerous bugs and vulnerabilities.

I would take openssl over most (though not all, for sure) rust cryptographic code. OpenSSL's bugs have not been RCEs for the most part, and many of them could happily exist in rust. The cult like perspective that language choice can make software automatically safe in the absence of things like domain expertise or long term production usage increases risk even where the language itself theoretically reduces them. ( See also: https://en.wikipedia.org/wiki/Risk_compensation )

Especially with the deeply nested dependencies the rust ecosystem seems to me like a ticking time bomb for security disasters. The same bad practices exist in NPM and have already produced a number of high profile incidents, as it repeats in rust there really won't be any excuse but to admit that it resulted from an excess of hubris.