Most of this stuff tends not to run in a privileged / network context so it's not clear to me that there are big security gains to be had?
To be fair there are daemons and scripts that shell out to these things and when all the stars align you maybe get an exploitable scenario - but these tend to be situations where doing that in the first place was a bad idea (e.g. $PAGER is not meant to be a load bearing security component and rewriting in Rust is unlikely to fix all the issues with this class of usage).
Whenever you run one of these tools on a file you downloaded from the Internet, you're relying on the tool having no exploitable security bugs. Regardless of whether or not $PAGER was intended to be a "load bearing security component", it definitely is.
To be fair there are daemons and scripts that shell out to these things and when all the stars align you maybe get an exploitable scenario - but these tend to be situations where doing that in the first place was a bad idea (e.g. $PAGER is not meant to be a load bearing security component and rewriting in Rust is unlikely to fix all the issues with this class of usage).