I'm not sure it's a good idea to have

--tls_allow_unsafe

always available. There are possibly other config that used incorrectly reduce the security, but I would think that our objective is to reduce them. Now I see that it's tied to it being a Debug build basically (although one could avoid passing NDEBUG for other type of build configurations); maybe we can give it an option that sets a special preprocessor define that adds development stuff to the code. I know that it's still conditional compiling but at least it's a bit more explicit, otherwise I see it as shipping with a backdoor ^^'.