This would probably tie into a possible Security Workgroup. Unsafe code differs from a performance vs security standpoint since an HPC application that is not on the web probably does not need to consider security much over performance, other than safety as in preventing bugs.
At the same time UCG would be problematic without considering both security and performance and clearly drawing a line between the two. There are some who have indicated their desire to be involved specifically in the security aspects.