So I can tab-complete files inside a tarball without getting pwned by a malicious filename. So my prompt can show when I'm in a git directory without giving RCE to every script kiddie on the internet. So I can actually read scripts before running them instead of giving up because even the cleanest, best-written sh is by necessity full of underhanded hacks.

Shells are combination development environments, programming languages with primitives and standard libraries, and UIs, and as such need to be exactly as security-minded as any other standard library, IDE, or file explorer.

Read scripts before running them, so you can't do that in BaSH? I do acknowledge the first point you made about a malicious filename though, there should be a safeguard against that, although in all honesty if someone is planting malicious files in your system that you've got bigger issues.

Because shells generally provide you with almost unrestricted access to the system, so it’s pretty important that they are secure?

If you already have access to the shell of a system would you not say that you have already defeated many of the security points of the system you are breaking into?

A shell does not grant you unrestricted access to a system, that's absurd, once an attacker gains access to a shell then they still have gain root.

Because sometimes people write privileged shell scripts, and they should not be vulnerable.

Are you referring to the BaSH vulnerability that has to do with how SHELLOPTS and PS4 environment variables were processed for executables that had setuid? That was an issue, SETUID should not be set for certain programs in the first place, anyway there's a patch for that. How does writing a shell in Rust or any other language for that matter guard against this?

Not segfaulting everywhere?

Definitely.