It's true that accepting an unconfirmed RBF transaction is much riskier than accepting an unconfirmed non-RBF transaction, but there's a chance that even a non-RBF transaction is never confirmed.
CPFP is a kind of RBF, IIRC;
Both CPFP and RBF can be used when you want to accelerate a transaction. But in my opinion, it's not true to call CPFP a kind of RBF.
In CPFP, you spend the outputs of the unconfirmed transaction with a high fee and encourage miners to include both transactions in a same block. In this method, you don't make any change in the original transaction. CPFP should be done by the receiver. (It can be done by the sender if there's a change in the transaction)
In RBF, you replace the original transaction with a new one and make it invalid. RBF can be done only by the sender.
RBF just allows you to bump the fee to have the transaction be verified quicker.
RBF also allows you to change the inputs and outputs. A requirement is that the replacing transaction has to have at least 1 same input.