With Debian and Ubuntu, there is some quality control. With Boost
(C++'s main repo), there is significant quality control. Are Rust crates(.io)
similar or are they a complete free-for-all? Can anyone upload any code they want under any name that they want?
crates.io
's "Security" link sends you to rust-lang.org/policies/security
that just talks about how very important security is to Rust.
It's not safe by default. Lib.rs is integrated with review systems, though. If you check a crate, there will be Audit button, leading to the reviews list.