Macros don't have any such responsibility. They can expand to whatever code they like, whether sound or not.
macro_rules! totally_safe {
($($tt: tt)*) => { unsafe { $($tt)* } }
}
totally_safe!(::std::ptr::null::<u32>().read());
That's a problem. There is no way to say that the macro is unsafe to use. There is no safety hygiene, which could prevent laundering unsafe code through an unsuspecting macro. There is even no requirement to have an unsafe token.