Exposing only an unsafe API (which is inevitable when using MaybeUninit) is usually a bad tradeoff, but if they've exposed both MaybeUninit for users who care about the performance implications of initializing then immediately overwriting memory, plus a safe API (e.g. BorrowedCursor::append, which is safe, but has extra copies compared to using uninit_mut, MaybeUninit::slice_as_ptr and set_init to replace uninitialized bytes with the real data.