Was going to jump in to say this. We interviewed Jeff Vander Stoep about this a couple months ago; it was pretty interesting: https://securitycryptographywhatever.com/2024/10/15/a-little...

It's always better to get new memory-safe code in to replace old memory-unsafe code, when you can, but the prioritization here is a little more complex.