Do you mean unsafe for a miner who considers accepting a transaction into his block, or unsafe for a recipient of one of the versions of a transaction (who might receive less or nothing at all in an update)? The second one really depends on the greater "scheme" in which transaction replacement is used; I haven't given the first one much thought yet.

That's just like double spending, right? So it isn't unique to transaction replacement at all: even without transaction replacement, attackers can "flood the network"(*) with double-spends, until one of them gets accepted into a block. The only difference created by transaction replacement is that the attacker, like a legitimate user, can indicate which of the "double-spends" should be chosen over the other ones. This can also be indicated without transaction replacement, in a more implicit, economical way, by increasing the transaction fee. If there is any difference at all, the explicit way with sequence numbers should be more reliable.

Again, the consequences for a recipient of one of the versions of a transaction completely depend on the greater "scheme" in which transaction replacement is used. The "scheme" I'm thinking of is a microtransaction channel; in that case, one of the sides of the channel can not attack the other side of the channel by flooding the network with transaction updates: the signatures of both sides are needed to create a valid transaction update.

But, please, PLEASE answer my question in post #12. It's much more urgent to me than this discussion about transaction replacement.

(*) I'm not exactly sure what you mean with that phrase. Do you mean it could be a DoS attack on the network?