This is not necessarily true, you can write unsafe Rust code and you can write safe C++ code, but it does seem to hold in practice that the guardrails imposed by Rust help quite a bit in stopping devs from making really stupid mistakes.
That would be the "thrustworthiness" implied by the use of Rust.
- Do you know your invariants?
- Have you documented them?
- If using unsafe block, have you asserted them or guaranteed that they hold for any input?
Granted, Rust is kind of mediocre at teaching you this. It raises warning for unsafe fn without safety documentation block, but not when omittin safety comments in unsafe blocks.
I don't really know what a VMM consists of, so I'm mostly surprised that this project is half a million lines of code.
Edit: And it turns out it's enabled as a warning in this repo.
I haven't seen any causation between SW and their creator. A good example: Hans Reiser.