Given Safe is the leading open source multi-sig provider and widely adopted (100B in assets stored?), shouldnt they consider to implement something akin to Aave's Safety module?

Besides of ongoing bug bounties, etc.

Are they going to be on the hook for the stolen money?