The primary established mechanism for safe softforks is the reserved script NOPs (which will not be relayed or mined by unmodified software today), the secondary one is transaction versions.
Neither of which are being used for segregated witness.
According to the BIP, it works like P2SH and uses a template.
OP_1 <0x{32-byte-hash-value}>
If an output is of that format, then it counts as a witness output (the OP_1 can be replaced by other values to give SW version).
An alternative would be to use
OP_1 <0x{32-byte-hash-value}> OP_SW_VERIFY
OP_SW_VERIFY would be one of the NOPs. This would ensure that an output that matches the template would not end up unspendable.
Outputs that don't include a checksig of some kind are already inherently unsafe to spend. At least the P2SH and SW templates don't include OP_CHECKSIG calls.