Daeken's point below is spot on, but I thought I'd add that, if we don't have the manpower to rewrite everything in a safe language, we can go out of process and sandbox like Chromium does. (In fact, the plan is to sandbox even the safe code.) Of course, that's plan B; plan A is to parallelize the entire stack, top to bottom.
Rust is interesting for dealing with some hard problems in keeping a multicore program safe and efficient, but I'm sure sandboxing will provide a better tradeoff for a lot of things (and as sho_hn points out, HarfBuzz correctly embeds a lot of domain knowledge from multiple cultures). C can be locked down pretty tight; see for example ZeroVM, which restricts it to pure functional code.