I don't have much of a problem with the principle of carrying out a safety analysis as part of a rigorous design process, to identify potential hazards that an unstructured mind might miss. I have a big problem with how it's carried out. The methodology searches for things that may go wrong and seeks to quantify them: it never (certainly, never in my experience) simultaneously evaluates the advantages of providing that functionality and quantifies that benefit. The whole process is therefore acutely unbalanced and inevitably results in diminished performance or unnecessary limitations that the squadron pilot is supposed to apply to compensate for inadequate engineering.