More seriously, a reasonably sane way to create a lot of web-heavy services (writing out something simple for brevity, not anything perfect) is with large regions partitioned into ropes (for use with, e.g., iovecs kernel APIs). You have a tiny bit of potentially memory-unsafe stuff in a simple backing data structure (or not -- at $WORK we're moving more things to static allocation models for a host of other benefits), and then everything else you do web-wise is with views into those ropes (enabling incremental processing and whatnot if you care). The rest is memory-safe by definition (only using slices and other such safe techniques), so if you have any memory bugs from there then they're the same logic bugs you can write in any language (a fairly classic example in a web context is serving another user's data, especially by not resetting view states, but that's also not what happens in a "normal" Zig program because the compiler will yell at you when you miss some fields).
You might notice that my answer seemingly wasn't Zig-specific. You can use that same architecture in C. Why is Zig safe? It's a lot of little things -- first-class errors, defer and errdefer statements, first-class tests and fuzzing, the existence of a built-in fat pointer type, etc. If you propose the same idea in C you'll likely screw up a detail somewhere (not checking an error, not using yet another fat pointer implementation for ergonomic reasons, whatever). In Zig you'll write safe code by default.
There are other architectures, other ways to ensure safety, and other things the compiler does to keep you on the straight and narrow. You could go fairly deep into the "why" and "how" of Zig being safe enough. I'll leave that chore for somebody else. The other half of your question though is "what do you gain?"
You gain lots of things, and they might not matter to you, but they probably exist.
One thing I encountered was needing a faster language and not being able to justify the huge ramp-up time to teach Rust to a bunch of Pythonistas (nor the ramp-up time on the company if we tried to hire explicitly for that work, even if we could have gotten the additional budget).
You also gain access to really world-class programmers. There are great programmers in every language, but in established languages they're a lot harder to find in any given job search (Not talking about any of you here on HN of course :) The point is that resumés have a sampling bias from the perspective of the receiving company favoring people who struggle to get jobs, and for a variety of reasons that gives you a much higher signal-to-noise ratio when hiring for less popular languages). This was true of Rust at one point too, but IMO it's a little harder to hire for now (yet still better than even more popular languages).
As a broader point, for somewhat nebulous reasons I don't fully understand yet, it's by far the easiest language I've personally found for writing high-performance software correctly. C/C++/Rust/etc were fine enough I guess (all of them more than fine in other problem domains -- I've used them professionally and don't have too many complaints that other practitioners would disagree with), but they were comparatively hard to use to write code that was anywhere near optimal for complicated problems.
More seriously, a reasonably sane way to create a lot of web-heavy services (writing out something simple for brevity, not anything perfect) is with large regions partitioned into ropes (for use with, e.g., iovecs kernel APIs). You have a tiny bit of potentially memory-unsafe stuff in a simple backing data structure (or not -- at $WORK we're moving more things to static allocation models for a host of other benefits), and then everything else you do web-wise is with views into those ropes (enabling incremental processing and whatnot if you care). The rest is memory-safe by definition (only using slices and other such safe techniques), so if you have any memory bugs from there then they're the same logic bugs you can write in any language (a fairly classic example in a web context is serving another user's data, especially by not resetting view states, but that's also not what happens in a "normal" Zig program because the compiler will yell at you when you miss some fields).
You might notice that my answer seemingly wasn't Zig-specific. You can use that same architecture in C. Why is Zig safe? It's a lot of little things -- first-class errors, defer and errdefer statements, first-class tests and fuzzing, the existence of a built-in fat pointer type, etc. If you propose the same idea in C you'll likely screw up a detail somewhere (not checking an error, not using yet another fat pointer implementation for ergonomic reasons, whatever). In Zig you'll write safe code by default.
There are other architectures, other ways to ensure safety, and other things the compiler does to keep you on the straight and narrow. You could go fairly deep into the "why" and "how" of Zig being safe enough. I'll leave that chore for somebody else. The other half of your question though is "what do you gain?"
You gain lots of things, and they might not matter to you, but they probably exist.
One thing I encountered was needing a faster language and not being able to justify the huge ramp-up time to teach Rust to a bunch of Pythonistas (nor the ramp-up time on the company if we tried to hire explicitly for that work, even if we could have gotten the additional budget).
You also gain access to really world-class programmers. There are great programmers in every language, but in established languages they're a lot harder to find in any given job search (Not talking about any of you here on HN of course :) The point is that resumés have a sampling bias from the perspective of the receiving company favoring people who struggle to get jobs, and for a variety of reasons that gives you a much higher signal-to-noise ratio when hiring for less popular languages). This was true of Rust at one point too, but IMO it's a little harder to hire for now (yet still better than even more popular languages).
As a broader point, for somewhat nebulous reasons I don't fully understand yet, it's by far the easiest language I've personally found for writing high-performance software correctly. C/C++/Rust/etc were fine enough I guess (all of them more than fine in other problem domains -- I've used them professionally and don't have too many complaints that other practitioners would disagree with), but they were comparatively hard to use to write code that was anywhere near optimal for complicated problems.