2 Comments
Milton L Mueller

It’s possible to develop a script that allows an attacker to induce someone in the family to reveal the word. And then use the word against another member of the family.

Yuliya Godoy

This is true, and you're right. A safe word treated as the only defense is a single point of failure. This is why multiple layers are probably the most important part. Even with a compromised word, the attacker still has to defeat the callback rule (hang up, call the number you already have), the financial delay (no money moves through unusual channels for 24 hours), and the false-detail check (introduce something that didn't happen and see if they agree). It reminds me of the evolution of passwords, to MFA, to passkeys.