I would imagine precautions would be taken at the device level, much like Apple and Google do now.
What it seems you are describing is a malicious app, which the google play store has thousands and thousands of.
If the app sucks, it will get horrible reviews and not be used, just like any other app.
Safe is just a place to put things, you dont blame servers for malicious apps, or SQL…etc…, so why would you blame SAFE?
In order for an app like this to work, the user would need to download the crappy app and agree to all device permissions
The app could then in theory set up a vault…and may even possibly set up a scheme to steal my earned coins (assuming my device is actually earning coins) …but the bad public image would be for the app, not SAFE…
Again, you dont blame a browser for a pop up or your email client for spam, they are just platforms that deliver or offer access to horrible people’s software and code…