To me (as a functional safety engineer) it looks like the designers made a very common beginner's mistake at the very beginning while designing MCAS.
This mistake can sometimes even be found within training documents.
MCAS should only be active in rare situations and only change the feel (low impact).
It's like an airbag which is only needed in case of an accident where it may help you.
Therefore it got a low A rating.
But this is an availability rating, not safety!
Functional Safety covers a different question: What can go wrong if this function fires off in the worst possible situation (by considering all possible situations)? In this case at maximum speed and low height. And is there any kind of controllability?
Like an airbag explosion hitting and killing you (critical) while stepping out of the car (common situation) without any chance to avoid it (too fast).
-> It should have been rated higher, probably critical (C) as already mentioned
All further analysis, quality methods, redundancies (2 or 3 sensors), documentation, process requirements... rely on this rating which was probably wrong.
In addition they changed the maximum impact of the system later (0.6 to 2.5) and did not question the assumptions within the first analysis. This should happen automatically as part of the safety process.
MCAS apparently had a latent systematic (design) fault which ended up in a critical fault as soon as the AoA reading was wrong (2nd fault).