Subscripts and sizes should be signed

Rust doesn't make this mistake because it didn't repeat the core mistake from C++ in the first place.

If you look at the paper, the primary reason is

"Signed values are the result of most integer calculations"

That's just not true in Rust.

C++ has the "usual arithmetic conversions" which mean that if you add unsigned short to unsigned short you get not another unsigned short, but an int! (Well, probably. Depending on your platform's integer sizes things could be even weirder.)

In Rust if you add a u16 to a u16 you get a u16, not an i32.

So unsigned types aren't second-class in Rust the way they are in C++, and thus it's good and correct for indexing and .len() and such to be unsigned in Rust.

21 Likes
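An added example, not part of the post above, of what same-width unsigned arithmetic means for length and index handling in Rust: because nothing is promoted to a wider signed type, overflow and underflow have to be handled in the unsigned type itself. The function names `total_len` and `tail` and the sample values are hypothetical, constructed for illustration.

```rust
// Added illustration; `total_len` and `tail` are hypothetical names.

// u16 + u16 is a u16 in Rust, so a sum that does not fit cannot hide in a
// wider signed type. checked_add reports the overflow as None.
fn total_len(header: u16, body: u16) -> Option<u16> {
    header.checked_add(body)
}

// Explicit wrap-around, still a u16. The return type annotation only
// compiles because the result type is u16, not i32.
fn wrapped_len(header: u16, body: u16) -> u16 {
    header.wrapping_add(body)
}

// Unsigned size arithmetic: return the last `n` bytes of a buffer.
// `len() - n` would underflow when n > len; checked_sub turns that case
// into None instead of producing a huge index.
fn tail(data: &[u8], n: usize) -> Option<&[u8]> {
    let start = data.len().checked_sub(n)?;
    // get() is the non-panicking form of indexing with a usize range.
    data.get(start..)
}

fn main() {
    // Constructed sample values.
    let (a, b): (u16, u16) = (40_000, 30_000);
    println!("checked:  {:?}", total_len(a, b));
    println!("wrapping: {}", wrapped_len(a, b));
    println!("in range: {:?}", total_len(1_000, 2_000));

    let buf = [1u8, 2, 3, 4];
    println!("tail 2:   {:?}", tail(&buf, 2));
    println!("tail 5:   {:?}", tail(&buf, 5));
}
```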