Idea to disallow multiple imports of a `-sys` crate

There we are again, at the contextual definition. :wink: Notice that "only the combination of multiple libraries makes unsafe code break" has happened before, e.g. the combination of `Rc` and `thread::scoped` (famously known as Leakpocalypse), or the combination of Josephine and nodrop before unions were introduced. That latter thread also contains some discussion of the pitfalls of a contextual definition of safety.

From my POV, both of your example crates are wrong. You may only impose additional invariants or things like a locking discipline if you can actually enforce that nobody else can access the relevant data, at all. That's why the module boundary and privacy are so important for safely encapsulated unsafe code. A `pub static mut` is inherently public and nobody can impose a protocol on it. `sneaky` is wrong for assuming that nobody else accesses `STATE`.

Still, this is certainly a very interesting example! I had not realized that "only one crate may import this" can be a useful restriction. I think the pure-Rust case is not as interesting as we can blame it on the `pub static mut` (just don't make it `pub`), but once FFI is involved we cannot rely on privacy any more, and such a restriction seems like a neat trick to work around this limitation.
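To make the distinction concrete, here is an added example (not code from the thread or from any crate discussed in it): a `sneaky`-style module whose `pub static mut` is protected only by convention, beside a module that keeps the static private and can therefore actually enforce its lock. The module and function names are assumptions made for the illustration.

```rust
// Added example, not code from the thread: a `pub static mut` cannot carry a
// locking discipline, while a private static behind a safe API can.
/// The pattern the post calls wrong: STATE is public, so any crate may write it
/// in its own `unsafe` block without taking LOCK. "Lock before touching STATE"
/// is a convention this crate follows, not an invariant it can enforce.
pub mod sneaky {
    pub static mut STATE: u64 = 0;
    pub static LOCK: std::sync::Mutex<()> = std::sync::Mutex::new(());

    pub fn bump() -> u64 {
        let _guard = LOCK.lock().unwrap_or_else(|e| e.into_inner());
        // SAFETY (incomplete): holding LOCK does nothing against another crate
        // that touches STATE directly, which is exactly the post's objection.
        unsafe { *std::ptr::addr_of_mut!(STATE) += 1; *std::ptr::addr_of_mut!(STATE) }
    }
}

/// The encapsulated form: STATE is private to this module, so the only access
/// path is `with_state`, which always takes LOCK first; the module boundary is
/// what makes the discipline enforceable. Were STATE a C library's global
/// (`extern "C" { static mut STATE: u64; }`), privacy would not help, since any
/// crate can declare the same extern: the FFI case the post discusses.
pub mod encapsulated {
    static mut STATE: u64 = 0;
    static LOCK: std::sync::Mutex<()> = std::sync::Mutex::new(());

    /// Runs `f` with exclusive access to STATE. `f` must not call `with_state`
    /// again: std's Mutex is not reentrant and the inner call would block.
    pub fn with_state<R>(f: impl FnOnce(&mut u64) -> R) -> R {
        let _guard = LOCK.lock().unwrap_or_else(|e| e.into_inner());
        // SAFETY: STATE is private and every access path holds LOCK, so no
        // other reference to STATE is live while `f` runs.
        f(unsafe { &mut *std::ptr::addr_of_mut!(STATE) })
    }
}

/// Spawns `threads` threads that each increment STATE `per_thread` times via
/// the safe API and returns how much STATE grew: exactly threads * per_thread.
pub fn concurrent_increments(threads: usize, per_thread: usize) -> u64 {
    let start = encapsulated::with_state(|s| *s);
    let workers: Vec<_> = (0..threads)
        .map(|_| std::thread::spawn(move || {
            (0..per_thread).for_each(|_| encapsulated::with_state(|s| *s += 1))
        }))
        .collect();
    workers.into_iter().for_each(|w| w.join().unwrap());
    encapsulated::with_state(|s| *s) - start
}
```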